
Windows Security Alert issue


This topic is locked. 17 replies to this topic.

#1 Mikz86TA


Posted 12 October 2008 - 11:47 PM

I think I am having the same issue another person did.
I get a red icon in the toolbar that repeatedly says I have a security problem. It also keeps interfering with my tasks and has disabled my Task Manager access from the Ctrl+Alt+Del method.
I did find a weird program running using HijackThis. But I already killed it with HJT.
I did ATF Cleaner already.
I downloaded the new OT2 program. I followed the directions in the other post. I have the scan log.

Attached is the HJT and OT2 logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:41 AM, on 10/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\DOCUME~1\Mikz\LOCALS~1\Temp\video1152.cfg.exe
C:\WINDOWS\system32\bevulmvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\DOCUME~1\Mikz\LOCALS~1\Temp\b.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Mikz\Desktop\FIXERS\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Mikz\LOCALS~1\Temp\video1152.cfg.exe
O4 - HKCU\..\Run: [SrvWin] C:\WINDOWS\system32\bevulmvc.exe
O4 - HKLM\..\Policies\Explorer\Run: [S87HVYvTNF] C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D89D4E95-BA0C-4FD8-92E1-FED6DACB46E0}: NameServer = 68.28.250.92 68.28.242.91
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

--
End of file - 4979 bytes


OTScanIt logfile created on: 10/13/2008 12:39:02 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.0.12b	 Folder = C:\Documents and Settings\Mikz\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.30 Mb Total Physical Memory | 690.46 Mb Available Physical Memory | 67.47% Memory free
2.41 Gb Paging File | 2.17 Gb Available in Paging File | 90.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 60.82 Gb Free Space | 47.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GREYGOOSE01
Current User Name: Mikz
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation)
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/08/31 18:19:45 | 00,066,872 | ---- | M] ()
spcsutilityservice.exe -> %ProgramFiles%\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -> [2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C)
kdgdmxsn.exe -> %AllUsersProfile%\Application Data\gborivul\kdgdmxsn.exe -> [2008/10/12 23:59:35 | 00,044,032 | ---- | M] ()
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> [2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2007/12/12 17:40:42 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
e_a10ic2.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_A10IC2.EXE -> [2001/10/04 03:01:00 | 00,069,632 | ---- | M] (SEIKO EPSON CORPORATION)
video1152.cfg.exe -> %UserProfile%\Local Settings\Temp\video1152.cfg.exe -> [2008/10/12 23:58:57 | 00,078,340 | ---- | M] ()
bevulmvc.exe -> %SystemRoot%\system32\bevulmvc.exe -> [2008/10/12 23:59:34 | 00,077,824 | ---- | M] ()
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> [2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.)
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> [2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.)
b.exe -> %UserProfile%\Local Settings\Temp\b.exe -> [2008/10/12 23:59:05 | 00,087,040 | ---- | M] ()
spcscm.exe -> %ProgramFiles%\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe -> [2007/08/29 14:12:12 | 00,233,472 | ---- | M] (Sierra Wireless)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/06/23 05:20:52 | 00,625,664 | -HS- | M] (Microsoft Corporation)
hijackthis.exe -> %UserProfile%\Desktop\FIXERS\HiJackThis.exe -> [2008/03/11 14:06:37 | 00,401,720 | ---- | M] (Trend Micro Inc.)
notepad.exe -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/10/13 00:15:12 | 00,416,256 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2008/07/03 21:05:00 | 00,593,920 | ---- | M] ()
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/07/25 19:03:42 | 02,119,360 | ---- | M] (Symantec Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/08/31 18:19:45 | 00,066,872 | ---- | M] ()
(SPCSUtilityService) SPCSUtilityService [Win32_Own | Auto | Running] -> %ProgramFiles%\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -> [2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(ADPTEHCD) Adaptec USB 2.0 Enhanced Host Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aehcd.sys -> [2002/11/15 06:19:00 | 00,042,512 | R--- | M] (Adaptec Incorporated)
(ATI Remote Wonder II) ATI Remote Wonder II [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atirwvd.sys -> [2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo)
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2008/07/04 02:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.)
(AUSBD_FilterService) Adaptec USB 2.0 Port Enumeration Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ausbd.sys -> [2002/11/15 06:19:00 | 00,023,056 | R--- | M] (Adaptec Incorporated)
(basic2) basic2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_BSC2.sys -> [2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\CDRBSDRV.SYS -> [2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctljystk.sys -> [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.)
(DM9102) DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DM9PCI5.SYS -> [2001/08/17 08:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc.													)
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1m.sys -> [2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.)
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlfacem.sys -> [2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.)
(Eplpdx02) Eplpdx02 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EPLPDX02.SYS -> [2000/09/13 02:00:00 | 00,066,240 | ---- | M] (MK Systems CO., LTD.)
(Fallback) Fallback [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FALL.sys -> [2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant)
(Fsks) Fsks [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FSKS.sys -> [2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfbs2s2.sys -> [2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfdpsp2.sys -> [2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(hsf_msft) hsf_msft [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_MSFT.sys -> [2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant)
(itchfltr) iTouch Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\itchfltr.sys -> [2004/03/10 14:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.)
(K56) K56 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_K56K.sys -> [2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant)
(L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042pr2.Sys -> [2002/11/08 05:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.)
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> [2002/11/08 05:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> [2005/05/10 16:04:10 | 00,020,576 | ---- | M] (Sonic Solutions)
(Rksample) Rksample [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_SAMP.sys -> [2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant)
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\internet explorer\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2006/10/10 13:53:48 | 00,005,632 | ---- | M] ()
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2007/01/09 15:09:48 | 00,030,720 | ---- | M] ()
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfmanm.sys -> [2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.)
(SI3112) SiI-3512 SATALink Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3112.sys -> [2004/06/15 13:03:52 | 00,057,216 | R--- | M] (Silicon Image, Inc.)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> [2004/05/21 05:38:50 | 00,010,240 | R--- | M] (Silicon Image, Inc.)
(SoftFax) SoftFax [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_FAXX.sys -> [2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(swmsflt) swmsflt [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swmsflt.sys -> [2007/08/10 11:08:48 | 00,024,456 | ---- | M] ()
(SWMX00) Sierra Wireless USB MUX Driver (#00) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swmx00.sys -> [2007/06/27 11:42:32 | 00,073,856 | ---- | M] (Sierra Wireless Inc.)
(SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SWNC5E00.sys -> [2007/06/27 11:41:46 | 00,101,248 | ---- | M] (Sierra Wireless Inc.)
(Tones) Tones [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_TONE.sys -> [2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant)
(V124) V124 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\HSF_V124.sys -> [2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsfcxts2.sys -> [2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
Hosts file not found -> -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{500BCA15-57A7-4eaf-8143-8C619470B13D} [HKLM] -> %SystemRoot%\system32\msxml71.dll [XML Class] -> [2008/10/12 23:59:01 | 00,117,252 | ---- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> [2006/07/26 03:17:55 | 00,434,279 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Logitech Utility" -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> [2002/11/08 05:50:00 | 00,019,968 | ---- | M] (Logitech Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/12/12 17:40:42 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"Ulead Quick-Drop" -> %ProgramFiles%\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe ["C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL] -> File not found
"zBrowser Launcher" -> %ProgramFiles%\Logitech\iTouch\iTouch.exe [C:\Program Files\Logitech\iTouch\iTouch.exe] -> [2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EPSON Stylus C80 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_A10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"] -> [2001/10/04 03:01:00 | 00,069,632 | ---- | M] (SEIKO EPSON CORPORATION)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe ["C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020] -> File not found
"MSFox" -> %UserProfile%\Local Settings\Temp\video1152.cfg.exe [C:\DOCUME~1\Mikz\LOCALS~1\Temp\video1152.cfg.exe] -> [2008/10/12 23:58:57 | 00,078,340 | ---- | M] ()
"SrvWin" -> %SystemRoot%\system32\bevulmvc.exe [C:\WINDOWS\system32\bevulmvc.exe] -> [2008/10/12 23:59:34 | 00,077,824 | ---- | M] ()
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Mikz Startup Folder > -> C:\Documents and Settings\Mikz\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
\run\\"S87HVYvTNF" -> %AllUsersProfile%\Application Data\gborivul\kdgdmxsn.exe [C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe] -> [2008/10/12 23:59:35 | 00,044,032 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableTaskMgr" ->  [1] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 53 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} [HKLM] -> http://www.creative.com/su/ocx/15031/CTSUEng.cab[Creative Software AutoUpdate] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://www.creative.com/su/ocx/15033/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4496F343-4B3C-4D5E-BE49-1984AC8C5EA3} ->	() -> 
{761EB9E9-9387-45BF-97F6-1390B90D9D8E} ->	(CNet PRO200WL PCI Fast Ethernet Adapter) -> 
{819E4415-69F7-44D6-8183-6200B68A89F9} ->	() -> 
{C486E0E5-5890-4049-B1E2-F3F5158ABFB3} ->	() -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2006/10/19 10:12:20 | 00,258,048 | ---- | M] (SUPERAntiSpyware.com)
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2008/07/03 23:13:35 | 00,139,264 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2006/12/20 13:55:48 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/06/23 17:09:43 | 00,000,050 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/10/13 00:38:42 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/10/13 00:38:13 | 00,586,824 | ---- | C] ()
WINWGPX.EXE -> %SystemRoot%\System32\WINWGPX.EXE -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
winsystem.exe -> %SystemRoot%\winsystem.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
winsystem.exe -> %SystemRoot%\System32\winsystem.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
winlogonpc.exe -> %SystemRoot%\System32\winlogonpc.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
vcatchpi.dll -> %SystemRoot%\System32\vcatchpi.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
vbsys2.dll -> %SystemRoot%\System32\vbsys2.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
VBIEWER.OCX -> %SystemRoot%\System32\VBIEWER.OCX -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
userconfig9x.dll -> %SystemRoot%\userconfig9x.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
thun32.dll -> %SystemRoot%\System32\thun32.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
thun.dll -> %SystemRoot%\System32\thun.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
temp#01.exe -> %SystemRoot%\System32\temp#01.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
taack.exe -> %SystemRoot%\System32\taack.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
taack.dat -> %SystemRoot%\System32\taack.dat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
sysreq.exe -> %SystemRoot%\System32\sysreq.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
ssvchost.exe -> %SystemRoot%\System32\ssvchost.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
ssvchost.com -> %SystemRoot%\System32\ssvchost.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
ssurf022.dll -> %SystemRoot%\System32\ssurf022.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
sncntr.exe -> %SystemRoot%\System32\sncntr.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
Rundl1.exe -> %SystemRoot%\System32\Rundl1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
regm64.dll -> %SystemRoot%\System32\regm64.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
regc64.dll -> %SystemRoot%\System32\regc64.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
psoft1.exe -> %SystemRoot%\System32\psoft1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
psof1.exe -> %SystemRoot%\System32\psof1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
ps1.exe -> %SystemRoot%\System32\ps1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
newsd32.exe -> %SystemRoot%\System32\newsd32.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
netode.exe -> %SystemRoot%\System32\netode.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
mwin32.exe -> %SystemRoot%\System32\mwin32.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
mtr2.exe -> %SystemRoot%\System32\mtr2.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
msvchost.exe -> %SystemRoot%\System32\msvchost.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
mssecu.exe -> %SystemRoot%\System32\mssecu.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
mssecu.exe -> %SystemRoot%\mssecu.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
msnbho.dll -> %SystemRoot%\System32\msnbho.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
msgp.exe -> %SystemRoot%\System32\msgp.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
medup020.dll -> %SystemRoot%\System32\medup020.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
medup012.dll -> %SystemRoot%\System32\medup012.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
hxiwlgpm.exe -> %SystemRoot%\System32\hxiwlgpm.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
hxiwlgpm.dat -> %SystemRoot%\System32\hxiwlgpm.dat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
hoproxy.dll -> %SystemRoot%\System32\hoproxy.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
h@tkeysh@@k.dll -> %SystemRoot%\System32\h@tkeysh@@k.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
FVProtect.exe -> %SystemRoot%\FVProtect.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
emesx.dll -> %SystemRoot%\System32\emesx.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
dpcproxy.exe -> %SystemRoot%\System32\dpcproxy.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
bsva-egihsg52.exe -> %SystemRoot%\System32\bsva-egihsg52.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
bdn.com -> %SystemRoot%\System32\bdn.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
bdn.com -> %SystemRoot%\bdn.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
awtoolb.dll -> %SystemRoot%\System32\awtoolb.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
anticipator.dll -> %SystemRoot%\System32\anticipator.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
akttzn.exe -> %SystemRoot%\System32\akttzn.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
a.bat -> %SystemRoot%\a.bat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | C] ()
smp -> %SystemRoot%\System32\smp -> [2008/10/13 00:00:02 | 00,000,000 | ---D | C]
mslagent -> %SystemRoot%\mslagent -> [2008/10/13 00:00:02 | 00,000,000 | ---D | C]
Inet Delivery -> %ProgramFiles%\Inet Delivery -> [2008/10/13 00:00:02 | 00,000,000 | ---D | C]
akl -> %ProgramFiles%\akl -> [2008/10/13 00:00:02 | 00,000,000 | ---D | C]
gborivul -> %AllUsersProfile%\Application Data\gborivul -> [2008/10/12 23:59:35 | 00,000,000 | ---D | C]
bevulmvc.exe -> %SystemRoot%\System32\bevulmvc.exe -> [2008/10/12 23:59:34 | 00,077,824 | ---- | C] ()
msxml71.dll -> %SystemRoot%\System32\msxml71.dll -> [2008/10/12 23:59:01 | 00,117,252 | ---- | C] ()
LimeWire 4.18.8.lnk -> %UserProfile%\Desktop\LimeWire 4.18.8.lnk -> [2008/10/12 19:37:39 | 00,001,580 | ---- | C] ()
Work Out -> %UserProfile%\Desktop\Work Out -> [2008/10/08 19:18:01 | 00,000,000 | ---D | C]
Prefetch -> %SystemRoot%\Prefetch -> [2008/10/07 19:57:12 | 00,000,000 | ---D | C]
Messenger -> %ProgramFiles%\Messenger -> [2008/10/07 18:48:20 | 00,000,000 | ---D | C]
scripting -> %SystemRoot%\System32\scripting -> [2008/10/07 18:48:08 | 00,000,000 | ---D | C]
l2schemas -> %SystemRoot%\l2schemas -> [2008/10/07 18:48:07 | 00,000,000 | ---D | C]
en -> %SystemRoot%\System32\en -> [2008/10/07 18:48:07 | 00,000,000 | ---D | C]
network diagnostic -> %SystemRoot%\network diagnostic -> [2008/10/07 18:44:22 | 00,000,000 | ---D | C]
139_(820x622).jpg -> %UserProfile%\Desktop\139_(820x622).jpg -> [2008/10/07 02:39:15 | 00,137,812 | ---- | C] ()
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [2008/10/07 01:02:38 | 00,000,754 | ---- | C] ()
ban3ut2_535.jpg -> %UserProfile%\Desktop\ban3ut2_535.jpg -> [2008/10/06 15:29:46 | 00,236,272 | ---- | C] ()
WinRAR -> %ProgramFiles%\WinRAR -> [2008/09/27 02:58:10 | 00,000,000 | ---D | C]
wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [2008/09/27 02:57:11 | 01,206,366 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [2006/10/24 16:15:40 | 00,000,000 | ---D | M]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/07/11 19:38:57 | 00,009,015 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/09/29 18:49:32 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/10/08 12:49:16 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/10/08 12:49:16 | 00,004,232 | ---- | M] ()
C:\Documents and Settings\Mikz\Local Settings\Temp\ -> C:\Documents and Settings\Mikz\Local Settings\Temp -> [2008/10/13 00:38:34 | 00,000,000 | ---D | M]
b.exe -> C:\Documents and Settings\Mikz\Local Settings\Temp\b.exe -> [2008/10/12 23:59:05 | 00,087,040 | ---- | M] ()
video1152.cfg.exe -> C:\Documents and Settings\Mikz\Local Settings\Temp\video1152.cfg.exe -> [2008/10/12 23:58:57 | 00,078,340 | ---- | M] ()
3 C:\Documents and Settings\Mikz\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mikz\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Mikz\Local Settings\Temp\ -> C:\Documents and Settings\Mikz\Local Settings\Temp -> [2008/10/13 00:38:34 | 00,000,000 | ---D | M]
Perflib_Perfdata_7ac.dat -> C:\Documents and Settings\Mikz\Local Settings\Temp\Perflib_Perfdata_7ac.dat -> [2008/10/13 00:33:30 | 00,016,384 | ---- | M] ()
3 C:\Documents and Settings\Mikz\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mikz\Local Settings\Temp\*.tmp -> 
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/10/13 00:38:15 | 00,586,824 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/10/13 00:15:52 | 00,002,206 | ---- | M] ()
iTouch.ini -> %SystemRoot%\iTouch.ini -> [2008/10/13 00:15:50 | 00,000,065 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/10/13 00:15:43 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/10/13 00:15:32 | 00,002,048 | --S- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/10/13 00:14:09 | 05,334,558 | -H-- | M] ()
WINWGPX.EXE -> %SystemRoot%\System32\WINWGPX.EXE -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
winsystem.exe -> %SystemRoot%\winsystem.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
winsystem.exe -> %SystemRoot%\System32\winsystem.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
winlogonpc.exe -> %SystemRoot%\System32\winlogonpc.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
vcatchpi.dll -> %SystemRoot%\System32\vcatchpi.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
vbsys2.dll -> %SystemRoot%\System32\vbsys2.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
VBIEWER.OCX -> %SystemRoot%\System32\VBIEWER.OCX -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
userconfig9x.dll -> %SystemRoot%\userconfig9x.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
thun32.dll -> %SystemRoot%\System32\thun32.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
thun.dll -> %SystemRoot%\System32\thun.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
temp#01.exe -> %SystemRoot%\System32\temp#01.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
taack.exe -> %SystemRoot%\System32\taack.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
taack.dat -> %SystemRoot%\System32\taack.dat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
sysreq.exe -> %SystemRoot%\System32\sysreq.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
ssvchost.exe -> %SystemRoot%\System32\ssvchost.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
ssvchost.com -> %SystemRoot%\System32\ssvchost.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
ssurf022.dll -> %SystemRoot%\System32\ssurf022.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
sncntr.exe -> %SystemRoot%\System32\sncntr.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
Rundl1.exe -> %SystemRoot%\System32\Rundl1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
regm64.dll -> %SystemRoot%\System32\regm64.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
regc64.dll -> %SystemRoot%\System32\regc64.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
psoft1.exe -> %SystemRoot%\System32\psoft1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
psof1.exe -> %SystemRoot%\System32\psof1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
ps1.exe -> %SystemRoot%\System32\ps1.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
newsd32.exe -> %SystemRoot%\System32\newsd32.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
netode.exe -> %SystemRoot%\System32\netode.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
mwin32.exe -> %SystemRoot%\System32\mwin32.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
mtr2.exe -> %SystemRoot%\System32\mtr2.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
msvchost.exe -> %SystemRoot%\System32\msvchost.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
mssecu.exe -> %SystemRoot%\System32\mssecu.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
mssecu.exe -> %SystemRoot%\mssecu.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
msnbho.dll -> %SystemRoot%\System32\msnbho.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
msgp.exe -> %SystemRoot%\System32\msgp.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
medup020.dll -> %SystemRoot%\System32\medup020.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
medup012.dll -> %SystemRoot%\System32\medup012.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
iTunesMusic.exe -> %SystemRoot%\iTunesMusic.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
hxiwlgpm.exe -> %SystemRoot%\System32\hxiwlgpm.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
hxiwlgpm.dat -> %SystemRoot%\System32\hxiwlgpm.dat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
hoproxy.dll -> %SystemRoot%\System32\hoproxy.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
h@tkeysh@@k.dll -> %SystemRoot%\System32\h@tkeysh@@k.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
FVProtect.exe -> %SystemRoot%\FVProtect.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
emesx.dll -> %SystemRoot%\System32\emesx.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
dpcproxy.exe -> %SystemRoot%\System32\dpcproxy.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
bsva-egihsg52.exe -> %SystemRoot%\System32\bsva-egihsg52.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
bdn.com -> %SystemRoot%\System32\bdn.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
bdn.com -> %SystemRoot%\bdn.com -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
awtoolb.dll -> %SystemRoot%\System32\awtoolb.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
anticipator.dll -> %SystemRoot%\System32\anticipator.dll -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
akttzn.exe -> %SystemRoot%\System32\akttzn.exe -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
a.bat -> %SystemRoot%\a.bat -> [2008/10/13 00:00:02 | 00,004,096 | ---- | M] ()
bevulmvc.exe -> %SystemRoot%\System32\bevulmvc.exe -> [2008/10/12 23:59:34 | 00,077,824 | ---- | M] ()
msxml71.dll -> %SystemRoot%\System32\msxml71.dll -> [2008/10/12 23:59:01 | 00,117,252 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/10/12 21:22:39 | 00,135,680 | ---- | M] ()
LimeWire 4.18.8.lnk -> %UserProfile%\Desktop\LimeWire 4.18.8.lnk -> [2008/10/12 19:37:39 | 00,001,580 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/10/08 22:02:06 | 00,001,374 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/10/07 19:58:49 | 00,439,988 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/10/07 19:58:49 | 00,380,658 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/10/07 19:58:49 | 00,052,880 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/10/07 19:57:51 | 00,000,604 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/07 19:56:40 | 00,134,072 | ---- | M] ()
ntldr -> %SystemDrive%\ntldr -> [2008/10/07 18:44:05 | 00,250,048 | RHS- | M] ()
139_(820x622).jpg -> %UserProfile%\Desktop\139_(820x622).jpg -> [2008/10/07 02:37:47 | 00,137,812 | ---- | M] ()
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [2008/10/07 01:02:41 | 00,000,754 | ---- | M] ()
ban3ut2_535.jpg -> %UserProfile%\Desktop\ban3ut2_535.jpg -> [2008/10/06 15:29:38 | 00,236,272 | ---- | M] ()
wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [2008/09/27 02:57:19 | 01,206,366 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/09/17 01:30:14 | 00,054,156 | -H-- | M] ()
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [2008/09/15 02:20:37 | 00,000,014 | ---- | M] ()
< End of report >


Thanks in advance, Mike

#2 Mikz86TA

Posted 13 October 2008 - 12:15 PM

Anyone?

I think I posted the info right. If I didn't, let me know. The little pop-up red shield isn't there anymore, but it still redirects me on the internet on some searches. Especially the ones where I am referring to how to re-access the Task Manager.
And it won't allow me to access Task Mgr through Ctrl/Alt/Del OR Start/Run/Taskmgr.
I think Device Mgr is disabled too.
Says Administrator disabled it. WTF, I am the Admin. LOL
Randomly it pops up an internet window wanting me to purchase and install a Spyware program. I can't tell if it's Windows/Microsoft or some bogus stuff.

#3 Mikz86TA

Posted 13 October 2008 - 12:19 PM

Update.

The pop-up window asks me to download a program for spyware. It looks like a legit Microsoft/Windows box, but I am wary about that.
Says my issue is trojan-downloader.win32.agent.bq and Windows Firewall cannot block it.

THX, Michel

#4 Mikz86TA

Posted 13 October 2008 - 07:47 PM

I've tried a few things in Safe Mode. But I still think there is an issue. I've been on 15 minutes and all is OK, except I still get some Internet redirections and also can't access the Task Manager.

Anyone?

#5 Mikz86TA

Posted 14 October 2008 - 06:40 PM

No one here anymore to help?

Can you direct me to a support forum please that has people who are willing to lend a hand?

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 23 October 2008 - 07:27 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

By bumping your log multiple times, you made it look like someone was helping you already :thumbsup: .

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#7 Mikz86TA

Posted 23 October 2008 - 05:20 PM

Hello PPanda. I appreciate your time. I've pretty much taken care of it by reading other postings and doing some of the Malware/Adware program runs.

I do still have one issue though.

I get the abcjmp.com thingy when I try to click a link on Google sometimes. It basically re-routes me to some other site than what I had selected. I looked it up and there isn't much info on it. In fact, googling it, I was redirected. LOL Kinda humorous, I thought. But it definitely pisses me off.
If you know where I can find that and take care of it, I'd appreciate it.

On TaskMgr, I still see kdgdmxsn.exe running. I can manually shut it down, but it's there on every startup. IDK what that program is and have yet to find any info on it. It shows up under my user name in Task Manager. That would be helpful as well if you know or have heard of it.

Thanks, Michel

#8 PropagandaPanda

Posted 23 October 2008 - 06:24 PM

Hello Michel.

In that case, please follow the instructions to run OTViewIt in my previous reply and post back with the logs.

Looks like there is still an infection lurking.

With Regards,
The Panda

#9 Mikz86TA

Posted 24 October 2008 - 05:16 PM

OK, I did the OTViewIt.

LOG 1 :

OTViewIt logfile created on: 10/24/2008 6:11:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Mikz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 635.61 Mb Available Physical Memory | 62.11% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 63.01 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREYGOOSE01
Current User Name: Mikz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2007/08/31 18:19:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
[2008/10/12 23:59:35 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe
[2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2007/12/12 17:40:42 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2001/10/04 03:01:00 | 00,069,632 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE
[2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
[2007/08/29 14:12:12 | 00,233,472 | ---- | M] (Sierra Wireless) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/08/23 01:56:15 | 00,635,848 | -HS- | M] (Microsoft Corporation) -- c:\Program Files\Internet Explorer\iexplore.exe
[2008/10/24 18:10:26 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikz\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/03 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/07/25 19:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/08/31 18:19:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/11/15 06:19:00 | 00,042,512 | R--- | M] (Adaptec Incorporated) -- C:\WINDOWS\system32\drivers\aehcd.sys -- (ADPTEHCD [On_Demand | Running])
[2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II [On_Demand | Stopped])
[2008/07/04 02:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
[2002/11/15 06:19:00 | 00,023,056 | R--- | M] (Adaptec Incorporated) -- C:\WINDOWS\system32\drivers\ausbd.sys -- (AUSBD_FilterService [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2001/08/17 08:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102 [On_Demand | Stopped])
[2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
[2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
[2000/09/13 02:00:00 | 00,066,240 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Stopped])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
[2004/03/10 14:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr [On_Demand | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2002/11/08 05:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
[2002/11/08 05:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2008/03/09 17:29:14 | 00,027,136 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys -- (MBAMCatchMe [On_Demand | Stopped])
[2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/05/10 16:04:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
[2005/03/21 10:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum [On_Demand | Stopped])
[2006/10/10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2007/01/09 15:09:48 | 00,030,720 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
[2004/06/15 13:03:52 | 00,057,216 | R--- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SI3112.sys -- (SI3112 [Boot | Running])
[2004/05/21 05:38:50 | 00,010,240 | R--- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/08/10 11:08:48 | 00,024,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Running])
[2007/06/27 11:42:32 | 00,073,856 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00 [On_Demand | Running])
[2007/06/27 11:41:46 | 00,101,248 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00 [On_Demand | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf [On_Demand | Running])
[2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{500BCA15-57A7-4eaf-8143-8C619470B13D} (HKLM) -- C:\WINDOWS\system32\msxml71.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80" (SEIKO EPSON CORPORATION)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
"MSFox"=C:\DOCUME~1\Mikz\LOCALS~1\Temp\video1152.cfg.exe File not found
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80" (SEIKO EPSON CORPORATION)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
"MSFox"=C:\DOCUME~1\Mikz\LOCALS~1\Temp\video1152.cfg.exe File not found
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"S87HVYvTNF"=C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe -- [2008/10/12 23:59:35 | 00,044,032 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15031/CTSUEng.cab -- Creative Software AutoUpdate
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15033/CTPID.cab -- Creative Software AutoUpdate Support Package
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{4496F343-4B3C-4D5E-BE49-1984AC8C5EA3} (Servers: | Description: )
{761EB9E9-9387-45BF-97F6-1390B90D9D8E} (Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter)
{819E4415-69F7-44D6-8183-6200B68A89F9} (Servers: | Description: )
{C486E0E5-5890-4049-B1E2-F3F5158ABFB3} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/06/23 17:09:43 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[2008/10/24 18:10:14 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mikz\Desktop\OTViewIt.exe
[2008/10/24 17:12:24 | 15,154,6837 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\SpecialVidz73_scene2_Vidz.com_full.wmv
[2008/10/24 16:20:04 | 61,013,8873 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\TokyoBlue17_scene1_Vidz.com_full.wmv
[2008/10/24 15:56:30 | 46,070,8385 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\FromJapanWithLove7_scene2_Vidz.com_full.wmv
[2008/10/22 12:46:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/22 12:46:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/21 13:38:27 | 00,175,164 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\boost reference.pdf
[2008/10/21 02:06:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Desktop\refile
[2008/10/20 23:43:15 | 00,037,964 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\DSC04138.JPG
[2008/10/20 23:42:29 | 00,036,419 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\DSC04137.JPG
[2008/10/17 00:59:16 | 00,249,614 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\IdleEze%20with%20Images2%20(3).pdf
[2008/10/17 00:53:44 | 00,151,612 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\Ign%20timingwithimages.pdf
[2008/10/17 00:49:32 | 05,625,681 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\Happy%20Carburetion.pdf
[2008/10/15 17:11:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Application Data\Systweak
[2008/10/15 16:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2008/10/14 17:04:55 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/14 17:04:47 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/14 17:01:44 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/14 17:01:43 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/14 17:01:42 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/14 17:01:41 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\winsystem.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\userconfig9x.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\winsystem.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\winlogonpc.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\VBIEWER.OCX
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\thun32.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\thun.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\temp#01.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\taack.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\taack.dat
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysreq.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\ssvchost.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\ssvchost.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\ssurf022.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\Rundl1.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\regm64.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\regc64.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\ps1.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\newsd32.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\netode.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mwin32.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mtr2.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\msvchost.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mssecu.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\msnbho.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\msgp.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\medup020.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\medup012.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\hxiwlgpm.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\hxiwlgpm.dat
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\hoproxy.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\h@tkeysh@@k.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\emesx.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\bsva-egihsg52.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\bdn.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\anticipator.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\akttzn.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\mssecu.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\iTunesMusic.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\FVProtect.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\bdn.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\a.bat
[2008/10/13 00:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\smp
[2008/10/13 00:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Inet Delivery
[2008/10/12 23:59:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gborivul
[2008/10/12 23:59:01 | 00,117,252 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/12 19:37:39 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
[2008/10/08 19:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Desktop\Work Out
[2008/10/07 19:57:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 18:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/10/07 18:48:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 18:48:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 18:48:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 18:44:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/10/07 01:02:38 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/27 02:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[2008/10/24 18:10:26 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikz\Desktop\OTViewIt.exe
[2008/10/24 17:12:31 | 15,154,6837 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\SpecialVidz73_scene2_Vidz.com_full.wmv
[2008/10/24 16:21:43 | 61,013,8873 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\TokyoBlue17_scene1_Vidz.com_full.wmv
[2008/10/24 15:57:49 | 46,070,8385 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\FromJapanWithLove7_scene2_Vidz.com_full.wmv
[2008/10/24 12:56:43 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2008/10/24 12:48:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/24 12:48:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/24 12:48:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/23 02:38:29 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Mikz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 12:46:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/22 12:46:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/21 13:38:28 | 00,175,164 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\boost reference.pdf
[2008/10/20 23:43:15 | 00,037,964 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\DSC04138.JPG
[2008/10/20 23:42:29 | 00,036,419 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\DSC04137.JPG
[2008/10/17 00:59:16 | 00,249,614 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\IdleEze%20with%20Images2%20(3).pdf
[2008/10/17 00:53:44 | 00,151,612 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\Ign%20timingwithimages.pdf
[2008/10/17 00:49:33 | 05,625,681 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\Happy%20Carburetion.pdf
[2008/10/15 00:29:08 | 05,868,190 | -H-- | M] () -- C:\Documents and Settings\Mikz\Local Settings\Application Data\IconCache.db
[2008/10/14 22:09:51 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/14 22:03:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 22:01:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\winsystem.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\userconfig9x.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\winsystem.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\winlogonpc.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\VBIEWER.OCX
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\thun32.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\thun.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\temp#01.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\taack.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\taack.dat
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\sysreq.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ssvchost.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ssvchost.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ssurf022.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\Rundl1.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\regm64.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\regc64.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ps1.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\newsd32.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\netode.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mwin32.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mtr2.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\msvchost.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mssecu.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\msnbho.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\msgp.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\medup020.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\medup012.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\hxiwlgpm.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\hxiwlgpm.dat
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\hoproxy.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\h@tkeysh@@k.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\emesx.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\bsva-egihsg52.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\bdn.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\anticipator.dll
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\akttzn.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\mssecu.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\iTunesMusic.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\FVProtect.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\bdn.com
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\a.bat
[2008/10/12 23:59:01 | 00,117,252 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/12 19:37:39 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
[2008/10/07 19:58:49 | 00,439,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 19:58:49 | 00,380,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/07 19:58:49 | 00,052,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/07 19:57:51 | 00,000,604 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/07 18:44:05 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 01:02:41 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >

EXTRAS:

OTViewIt Extras logfile created on: 10/24/2008 6:11:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Mikz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 635.61 Mb Available Physical Memory | 62.11% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 63.01 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREYGOOSE01
Current User Name: Mikz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C3792-E9C6-432A-92C1-661F99D021CA}"=Ulead Photo Explorer 8.5 SE
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2: Deluxe Edition
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}"=InterVideo WinDVD 5
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}"=Data Lifeguard
"{31E1050B-F69F-4A16-8F5A-E44D31901250}"=Ulead DVD DiskRecorder 2.1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}"=Google Earth
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}"=Grand Theft Auto Vice City
"{51021AB6-FEC9-4051-B486-F8CE9639662D}"=RPO Decoder
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}"=GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.75
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1"=Advanced System Optimizer 2.01.4
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}"=Battlefield 1942
"{6DCBB845-0FA4-4723-A40A-1F320C221C30}"=Sprint Mobile Broadband (Sierra)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110207187}"=Dynomite
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}"=Ulead VideoStudio 9.0 SE DVD
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}"=Battlefield 1942: Secret Weapons of WWII
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}"=Battlefield 1942: The Road To Rome
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{E35B3C63-E958-4E31-A178-95D22024109A}"=Battlefield Vietnam™
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe PhotoDeluxe Home Edition 4.0"=Adobe PhotoDeluxe Home Edition 4.0
"Alive MP4 Converter_is1"=Alive MP4 Converter (version 2.0.8.6)
"All to Text_is1"=All to Text V1.501
"Ashampoo Burning Studio 6 FREE_is1"=Ashampoo Burning Studio 6 FREE
"ATI Display Driver"=ATI Display Driver
"CTDVDAudio Plugin"=Creative DVD Audio Plugin for Audigy Series
"EPSON Printer and Utilities"=EPSON Printer Software
"FastImageResizer"=FastImageResizer (remove only)
"FLV Player"=FLV Player 2.0, build 23
"GameSpy Arcade"=GameSpy Arcade
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"LimeWire"=LimeWire 4.18.8
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QuickTime"=QuickTime
"Recover My Files_is1"=Recover My Files
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinISD Pro [alpha]"=WinISD Pro [alpha]
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12B055A0-9F6E-11D9-6784-00470EBC18BE}"=Van Gogh Vodka Recipes Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12B055A0-9F6E-11D9-6784-00470EBC18BE}"=Van Gogh Vodka Recipes Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2008 2:26:53 AM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 9/17/2008 2:27:12 AM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 9/17/2008 2:27:20 AM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 9/17/2008 8:46:35 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 9/17/2008 8:46:45 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 10/19/2008 11:56:18 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 10/19/2008 11:56:33 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 10/19/2008 11:56:42 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 10/19/2008 11:56:50 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

Error - 10/20/2008 9:09:58 PM | Computer Name = GREYGOOSE01 | Source = Application Error | ID = 1000
Description = Faulting application codechelper.exe, version 2.8.11.228, faulting
module unknown, version 0.0.0.0, fault address 0x8bffffad.

[ System Events ]
Error - 10/18/2008 2:18:40 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/19/2008 12:58:19 AM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/19/2008 12:40:58 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/20/2008 10:46:40 AM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/21/2008 12:16:16 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/22/2008 12:05:43 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/23/2008 1:49:58 AM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/23/2008 12:22:34 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/24/2008 2:08:46 AM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/24/2008 12:48:40 PM | Computer Name = GREYGOOSE01 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >


Thank you
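
One way to triage a log in this OTViewIt "Files - Modified" format before a helper looks at it, as an added example that is not part of the thread and not OldTimer's own code. It parses lines of the shape shown above and flags three patterns a responder looks for first: a cluster of files written to the Windows directories in the same second with the same size (a dropper unpacking its payloads), file names one or two edits away from a core Windows binary, and executables under C:\WINDOWS with no publisher string. The sample lines are constructed in the style of the posted log (file names borrowed from the thread); the list of core binary names, the cluster threshold and the edit-distance cutoff are assumptions chosen for illustration, and every hit is a lead for review rather than a verdict.

```python
import re
from collections import defaultdict

# Shape of one OTViewIt "Files - Modified" line, as in the posted log:
# [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Core Windows binaries whose names malware commonly imitates.
# Assumption: a short illustrative list, not a complete one.
CORE_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "rundll32.exe", "explorer.exe", "services.exe")

# Constructed sample, modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\akttzn.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ssvchost.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\mssecu.exe
[2008/10/13 00:00:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\a.bat
[2008/10/07 19:58:49 | 00,380,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/12 19:37:39 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
""".strip().splitlines()


def parse_line(line):
    """Return the fields of one file entry as a dict, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))          # "00,004,096" -> 4096
    d["name"] = d["path"].rsplit("\\", 1)[-1].lower()     # basename, case-folded
    d["in_windows"] = d["path"].lower().startswith("c:\\windows\\")
    return d


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def triage(lines, cluster_min=3, max_edits=2):
    """
    Flag three patterns among entries under C:\\WINDOWS:
      clusters     - >= cluster_min files sharing one timestamp and size
      lookalikes   - names within max_edits edits of a core binary name
      no_publisher - executables/scripts with an empty company string
    Thresholds are assumptions; each hit needs analyst review (a legitimate
    name can also sit two edits from a core binary).
    """
    entries = [e for e in (parse_line(l) for l in lines) if e]
    groups = defaultdict(list)
    lookalikes, no_publisher = [], []
    for e in entries:
        if not e["in_windows"]:
            continue
        groups[(e["ts"], e["size"])].append(e["path"])
        for core in CORE_BINARIES:
            if e["name"] != core and levenshtein(e["name"], core) <= max_edits:
                lookalikes.append((e["path"], core))
                break
        if e["company"] == "" and e["name"].endswith((".exe", ".dll", ".com", ".bat")):
            no_publisher.append(e["path"])
    clusters = {k: v for k, v in groups.items() if len(v) >= cluster_min}
    return {"clusters": clusters, "lookalikes": lookalikes, "no_publisher": no_publisher}


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category, hits)
```

On the constructed sample the four 4,096-byte files written at 00:00:02 form one cluster, ssvchost.exe is reported as a lookalike of svchost.exe, and the same four unsigned files are listed without a publisher, while MRT.exe, ieframe.dll and the LimeWire shortcut produce no hits. Restricting the lookalike check to paths under C:\WINDOWS is what keeps iexplore.exe (two edits from explorer.exe, but living under Program Files) out of the results.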

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:39 PM

Posted 25 October 2008 - 09:34 AM

Hello.

Backdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding preventing of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.
Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • When the Recovery Console has been installed, you will see the prompt below. Choose NO.

  • Click on your Start Menu, then Run... . In the box that appears enter the following and click OK.
    "%USERPROFILE%\Desktop\ComboFix.exe" /killall
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Please post back with:
-the ComboFix log
-a new OTViewIt log (OTViewIt.txt only)

With Regards,
The Panda

Edited by PropagandaPanda, 25 October 2008 - 09:34 AM.


#11 Mikz86TA

Mikz86TA
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 27 October 2008 - 11:54 PM

Just got back on and did what you said.

Log from ComboFix :

ComboFix 08-10-27.02 - Mikz 2008-10-27 21:37:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.646 [GMT -4:00]
Running from: C:\Documents and Settings\Mikz\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\Documents and Settings\LocalService\Start Menu\Programs\videobox
C:\Documents and Settings\LocalService\Start Menu\Programs\videobox\Uninstall.lnk
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\r.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-27 20:01 . 2008-10-27 20:01 <DIR> d-------- C:\Program Files\ERUNT
2008-10-24 12:51 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 12:46 . 2008-10-26 03:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-22 12:46 . 2008-10-22 12:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-15 17:11 . 2008-10-15 17:11 <DIR> d-------- C:\Documents and Settings\Mikz\Application Data\Systweak
2008-10-15 16:25 . 2008-10-15 16:25 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-10-14 17:04 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 17:04 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 17:01 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 17:01 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 17:01 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 17:01 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-13 20:21 . 2008-10-13 20:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-12 23:59 . 2008-10-12 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gborivul
2008-10-07 18:48 . 2008-10-07 18:48 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-07 18:48 . 2008-10-07 18:48 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-07 18:48 . 2008-10-07 18:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-07 01:02 . 2008-10-07 01:02 754 --a------ C:\WINDOWS\WORDPAD.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 17:15 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-12 23:37 --------- d-----w C:\Program Files\LimeWire
2008-09-20 06:27 --------- d-----w C:\Program Files\Symantec
2008-09-20 06:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-20 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-15 06:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.
<pre>
----a-w			61,440 2003-04-17 04:13:44  C:\Snagit 6.2.1\SnagIt v6.2.1 keygen Techsmith .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"EPSON Stylus C80 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-12 98304]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-07-25 67264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"S87HVYvTNF"="C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe" [2008-10-12 44032]

C:\Documents and Settings\Mikz\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;C:\WINDOWS\system32\DRIVERS\aehcd.sys [2002-11-15 42512]
R3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;C:\WINDOWS\system32\DRIVERS\ausbd.sys [2002-11-15 23056]
R3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2007-08-10 24456]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 27136]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 21:41:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\eecb9b0e.TMP

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-27 21:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 01:44:06

Pre-Run: 65,626,497,024 bytes free
Post-Run: 65,722,466,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

184 --- E O F --- 2008-10-25 06:33:45

And the new OT log:

OTViewIt logfile created on: 10/28/2008 12:53:43 AM - Run 3
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Mikz\Desktop\FIXERS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 575.93 Mb Available Physical Memory | 56.28% Memory free
2.41 Gb Paging File | 2.02 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 61.22 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 64.55 Gb Free Space | 43.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREYGOOSE01
Current User Name: Mikz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2007/08/31 18:19:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
[2008/10/12 23:59:35 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe
[2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2007/12/12 17:40:42 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2001/10/04 03:01:00 | 00,069,632 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE
[2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2001/08/17 18:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
[2007/08/29 14:12:12 | 00,233,472 | ---- | M] (Sierra Wireless) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
[2008/08/23 01:56:15 | 00,635,848 | -HS- | M] (Microsoft Corporation) -- c:\Program Files\Internet Explorer\iexplore.exe
[2006/01/19 12:06:24 | 02,011,136 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
[2006/01/19 12:06:18 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
[2006/01/19 12:06:16 | 00,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
[2006/06/08 15:59:20 | 00,258,048 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
[2006/01/17 08:41:56 | 00,409,600 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_TDMEngine.exe
[2008/10/24 18:10:26 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikz\Desktop\FIXERS\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/03 23:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/03 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2006/07/25 19:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/07/25 19:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/08/31 18:19:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/11/15 06:19:00 | 00,042,512 | R--- | M] (Adaptec Incorporated) -- C:\WINDOWS\system32\drivers\aehcd.sys -- (ADPTEHCD [On_Demand | Running])
[2004/01/23 10:52:31 | 00,258,044 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II [On_Demand | Stopped])
[2008/07/04 02:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
[2002/11/15 06:19:00 | 00,023,056 | R--- | M] (Adaptec Incorporated) -- C:\WINDOWS\system32\drivers\ausbd.sys -- (AUSBD_FilterService [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2001/08/17 08:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102 [On_Demand | Stopped])
[2001/08/17 08:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
[2001/08/17 08:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
[2000/09/13 02:00:00 | 00,066,240 | ---- | M] (MK Systems CO., LTD.) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02 [On_Demand | Stopped])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2004/08/04 01:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/04 01:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
[2004/03/10 14:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr [On_Demand | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2002/11/08 05:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
[2002/11/08 05:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2008/03/09 17:29:14 | 00,027,136 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys -- (MBAMCatchMe [On_Demand | Stopped])
[2004/08/04 01:41:55 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/05/10 16:04:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
[2005/03/21 10:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys -- (SABProcEnum [On_Demand | Stopped])
[2006/10/10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2007/01/09 15:09:48 | 00,030,720 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 08:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
[2004/06/15 13:03:52 | 00,057,216 | R--- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SI3112.sys -- (SI3112 [Boot | Running])
[2004/05/21 05:38:50 | 00,010,240 | R--- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/08/10 11:08:48 | 00,024,456 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Running])
[2007/06/27 11:42:32 | 00,073,856 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00 [On_Demand | Running])
[2007/06/27 11:41:46 | 00,101,248 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00 [On_Demand | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2004/08/04 01:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf [On_Demand | Running])
[2001/08/18 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80" (SEIKO EPSON CORPORATION)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C80 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80" (SEIKO EPSON CORPORATION)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Mikz\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"S87HVYvTNF"=C:\Documents and Settings\All Users\Application Data\gborivul\kdgdmxsn.exe -- [2008/10/12 23:59:35 | 00,044,032 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

[HKEY_USERS\S-1-5-21-507921405-1637723038-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15031/CTSUEng.cab -- Creative Software AutoUpdate
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15033/CTPID.cab -- Creative Software AutoUpdate Support Package
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{4496F343-4B3C-4D5E-BE49-1984AC8C5EA3} (Servers: | Description: )
{761EB9E9-9387-45BF-97F6-1390B90D9D8E} (Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter)
{819E4415-69F7-44D6-8183-6200B68A89F9} (Servers: | Description: )
{C486E0E5-5890-4049-B1E2-F3F5158ABFB3} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/06/23 17:09:43 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/10/27 21:44:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/27 21:36:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/27 21:36:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/27 21:36:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/27 21:34:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/27 21:34:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/27 21:34:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/27 21:34:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/27 21:34:57 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/27 21:34:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/27 21:34:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/27 21:34:57 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/27 21:34:57 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/27 21:34:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/27 21:32:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/27 20:01:05 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Mikz\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/27 20:01:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\NTREGOPT.lnk
[2008/10/27 20:01:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\ERUNT.lnk
[2008/10/27 20:01:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/27 19:20:38 | 02,996,407 | R--- | C] () -- C:\Documents and Settings\Mikz\Desktop\ComboFix.exe
[2008/10/27 19:19:36 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Mikz\Desktop\erunt-setup.exe
[2008/10/27 18:10:43 | 00,004,441 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\1f11211g1ZZZZZZZZZ8aqc54a4afb38f31380.jpg
[2008/10/24 12:51:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/22 12:46:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/22 12:46:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/21 13:38:27 | 00,175,164 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\boost reference.pdf
[2008/10/21 02:06:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Desktop\refile
[2008/10/20 23:43:15 | 00,037,964 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\DSC04138.JPG
[2008/10/20 23:42:29 | 00,036,419 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\DSC04137.JPG
[2008/10/17 00:59:16 | 00,249,614 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\IdleEze%20with%20Images2%20(3).pdf
[2008/10/17 00:53:44 | 00,151,612 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\Ign%20timingwithimages.pdf
[2008/10/17 00:49:32 | 05,625,681 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\Happy%20Carburetion.pdf
[2008/10/15 17:11:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Application Data\Systweak
[2008/10/15 16:25:49 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer
[2008/10/14 17:04:55 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/14 17:04:47 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/14 17:01:44 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/14 17:01:43 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/14 17:01:42 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/14 17:01:41 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/12 23:59:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gborivul
[2008/10/12 19:37:39 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
[2008/10/08 19:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mikz\Desktop\Work Out
[2008/10/07 19:57:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 18:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/10/07 18:48:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 18:48:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 18:48:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 18:44:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/10/07 01:02:38 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/10/27 21:42:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/27 21:41:25 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2008/10/27 21:41:17 | 00,000,239 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/27 21:41:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/27 21:40:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 21:36:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/27 20:01:05 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Mikz\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/27 20:01:02 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\NTREGOPT.lnk
[2008/10/27 20:01:02 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\ERUNT.lnk
[2008/10/27 19:20:38 | 02,996,407 | R--- | M] () -- C:\Documents and Settings\Mikz\Desktop\ComboFix.exe
[2008/10/27 19:19:41 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Mikz\Desktop\erunt-setup.exe
[2008/10/27 18:08:26 | 00,004,441 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\1f11211g1ZZZZZZZZZ8aqc54a4afb38f31380.jpg
[2008/10/26 17:22:18 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Mikz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 03:24:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/22 12:46:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/21 13:38:28 | 00,175,164 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\boost reference.pdf
[2008/10/20 23:43:15 | 00,037,964 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\DSC04138.JPG
[2008/10/20 23:42:29 | 00,036,419 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\DSC04137.JPG
[2008/10/17 00:59:16 | 00,249,614 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\IdleEze%20with%20Images2%20(3).pdf
[2008/10/17 00:53:44 | 00,151,612 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\Ign%20timingwithimages.pdf
[2008/10/17 00:49:33 | 05,625,681 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\Happy%20Carburetion.pdf
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 00:29:08 | 05,868,190 | -H-- | M] () -- C:\Documents and Settings\Mikz\Local Settings\Application Data\IconCache.db
[2008/10/14 22:09:51 | 00,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/14 22:03:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 22:01:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/12 19:37:39 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
[2008/10/07 19:58:49 | 00,439,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 19:58:49 | 00,380,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/07 19:58:49 | 00,052,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/07 19:57:51 | 00,000,604 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/07 18:44:05 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 01:02:41 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >


Thank you
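The OTL "Files - Modified" listing above uses one fixed line layout: `[date time | size | attributes | M] (publisher) -- path`. As an added example, not code from this thread or from OTL, ComboFix or any other tool mentioned in it, here is a small Python parser that turns such lines into records and applies a plain triage heuristic an analyst might use to decide which entries deserve a closer look (executable extension, empty publisher field, user-writable location, modified within a recent window). The sample lines, the 30-day window, `EXAMPLE_NOW` and the `placeholder_dir\placeholder.exe` path are constructed for the example; hits only mark entries for verification, and a legitimate unsigned tool such as ComboFix.exe matches too.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed sample in the OTL line format quoted in the thread. The last
# entry (placeholder_dir\placeholder.exe) is an invented placeholder, not a
# file named anywhere in the thread.
SAMPLE_LOG = r"""
[2008/10/27 19:20:38 | 02,996,407 | R--- | M] () -- C:\Documents and Settings\Mikz\Desktop\ComboFix.exe
[2008/10/27 19:19:41 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Mikz\Desktop\erunt-setup.exe
[2008/10/26 03:24:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/12 19:37:39 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Mikz\Desktop\LimeWire 4.18.8.lnk
[2008/10/09 02:11:05 | 00,073,728 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\placeholder_dir\placeholder.exe
< End of report >
"""

# Assumed "current time" for the example, chosen to sit just after the newest entry.
EXAMPLE_NOW = datetime(2008, 10, 27, 20, 0, 0)

# [date time | size | attributes | M] (publisher) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<publisher>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    modified: datetime
    size: int
    attrs: str       # e.g. "R---", "-H--", "RHS-" as printed by OTL
    publisher: str   # empty string when OTL printed "()"
    path: str


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file-listing lines; non-matching lines (headers, '< End of report >') are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            publisher=m["publisher"].strip(),
            path=m["path"].strip(),
        ))
    return entries


EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def needs_review(e: OtlEntry, now: datetime, window: timedelta = timedelta(days=30)) -> bool:
    """Triage heuristic: executable code with no publisher string, sitting in a
    user-writable location, modified within the window. A hit means "verify",
    not "malicious"; unsigned legitimate tools match as well."""
    p = e.path.lower()
    return (
        p.endswith(EXEC_SUFFIXES)
        and not e.publisher
        and any(marker in p for marker in USER_WRITABLE)
        and now - e.modified <= window
    )


def triage(text: str, now: datetime) -> List[str]:
    """Return the paths of entries that match the heuristic, in log order."""
    return [e.path for e in parse_otl(text) if needs_review(e, now)]


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG, EXAMPLE_NOW):
        print("review:", path)
```

Run against the sample, the two `.exe` files without a publisher string are reported and the signed `erunt-setup.exe`, the Microsoft-published `netapi32.dll`, the font cache file and the `.lnk` shortcut are not; widening `USER_WRITABLE` or the window changes what is surfaced, which is the knob an analyst would tune per case.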

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:39 PM

Posted 28 October 2008 - 07:30 AM

Hello Mikz86TA.

I see that you have downloaded some keygens. These are more often than not infected with something. I will have ComboFix delete it.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    Folder::
    C:\Documents and Settings\All Users\Application Data\gborivul
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "S87HVYvTNF"=-
    
    Rootkit::
    C:\WINDOWS\TEMP\eecb9b0e.TMP
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Install Antivirus
I see that you have Symantec's live scheduler, but I don't see the antivirus program itself.

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program from one of the trusted vendors below:
After installing, update the database, run a full system scan and remove any items found.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the ComboFix log
-the Kaspersky log
-a new HijackThis log

How is your computer running now?

With Regards,
The Panda

#13 Mikz86TA

Mikz86TA
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 28 October 2008 - 11:52 AM

I haven't noticed the ABCJMP.cpm redirect since I did this. But I was only on for a short time last night. I will see today. Does seem quicker too. The kdgdmxn.exe or whatever it was is still showing up on TaskMgr. Sometimes on shutdown that program is running and it has to be manually shut off B4 the PC will shut down. IDK what that program is.
I will do these things you posted in the past post today when I get a chance.
THX, Michel

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:39 PM

Posted 28 October 2008 - 02:15 PM

Hello.

The kdgdmxn.exe or whatever it was is still showing up on TaskMgr.

Could you confirm the file name?

Anyway, take your time.

With Regards,
The Panda

#15 Mikz86TA

Mikz86TA
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 29 October 2008 - 12:27 AM

Hello. Just about to run Combo again.

That program I have to manually shut down is kdgdmxsn.exe

I am going to get the Kaspersky but I had to update my Java first.

The Norton expired and like an idiot, I forgot to get something else to replace it. I hated Norton because of all the extra background crap it had running. I need to delete the LiveUpdate part of Norton too I guess.
Which of the listed ones do you recommend?

THX, Michel

Edited by Mikz86TA, 29 October 2008 - 12:51 AM.