
can someone help. nasty virus/malware on my laptop



#1 outlawz


Posted 01 November 2008 - 01:10 AM

Can someone please help me... Today I tried downloading something off of LimeWire. It was a zip file and the second I opened it my laptop went crazy. My laptop has always been pretty tough to crack 'cause I keep a bunch of spyware programs running/scanning, etc.... Up to today I've never had any spyware/malware problems with it... But this thing is nasty. Popups, Explorer opens tabs super quick and locks the computer up. It won't let me change my automatic update settings back to automatic. My Spy Sweeper program keeps alerting me of a host file that is in the font directory called SVChost.exe and it absolutely will not go away.... Up till about 2 hours ago my computer was completely unusable but I ran three or four scanners and removed a whole bunch of spyware that it found (which before today it found NONE)..... I ran a HijackThis log and here it is..... I have VundoFix, Spy Sweeper, Ad-Aware, Spybot Search and Destroy, and SpywareGuard..... I've run pretty much all of them just to get my computer where it is about 10% usable.... Can someone please help. Here's my HijackThis log.... Also my mousepad clicker on the bottom of the keyboard stopped working and some of my keyboard keys are suddenly not very reactive and I have to hit them twice to take the letter I'm trying.... This thing is NASTY whatever it is....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:44 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...u/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...p/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...u/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-


 


#2 Buckeye_Sam


    Malware Expert



Posted 01 November 2008 - 10:34 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\WINDOWS\Fonts\svchost.exe
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Next let's get a more detailed log.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
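The file targeted in post #2, C:\WINDOWS\Fonts\svchost.exe, stands out in the HijackThis log because svchost.exe legitimately runs only from system32. The following is an added example, not part of the original thread and not code from HijackThis or OTMoveIt3: a small triage script that flags core Windows image names running or auto-starting from an unexpected directory. The sample lines are excerpted from the log in post #1; the C:\WINDOWS system root and the list of watched names are assumptions of the example.

```python
import ntpath
import re

# Assumption: default Windows XP system root, as reported in the log above.
SYSTEM_ROOT = r"c:\windows"

# Core image names that malware commonly borrows, mapped to the only
# directory they legitimately run from (assumed list, not exhaustive).
EXPECTED_DIR = {
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "services.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "csrss.exe": SYSTEM_ROOT + r"\system32",
    "smss.exe": SYSTEM_ROOT + r"\system32",
    "spoolsv.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}

# A "Running processes" entry is a bare path ending in .exe.
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# O4 entries: "O4 - <hive>: [<value name>] <command line>".
AUTORUN_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First executable path inside a command line (drops arguments and suffixes).
EXE_IN_CMD = re.compile(r'"?([A-Za-z]:\\.+?\.exe)', re.IGNORECASE)


def is_masquerade(path):
    """True if the image name is a watched system binary in the wrong folder.

    8.3 short paths (C:\\PROGRA~1\\...) are compared as written and not expanded.
    """
    directory, image = ntpath.split(ntpath.normcase(path))
    expected = EXPECTED_DIR.get(image)
    return expected is not None and directory != expected


def find_masquerades(log_text):
    """Return (source, path) pairs for suspicious process and O4 entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROCESS_LINE.match(line):
            source, path = "process", line
        else:
            entry = AUTORUN_LINE.match(line)
            exe = entry and EXE_IN_CMD.search(entry.group("cmd"))
            if not exe:
                continue
            source = "autorun %s [%s]" % (entry.group("hive"), entry.group("name"))
            path = exe.group(1)
        if is_masquerade(path):
            findings.append((source, path))
    return findings


# Lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
"""

if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print("%-40s %s" % (source, path))
```

A hit in both the process list and a Run key, as here, means the file is active now and will start again at the next boot, so the autorun value needs cleaning up as well as the file.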

#3 outlawz


Posted 01 November 2008 - 05:36 PM

I really appreciate it Sam.. My computer has sped up just from running the few programs here and doing the file move. But I'm still getting popups from a few spyware companies when I have the internet open. Again I really appreciate it... Here's the logs I have....

Here's the OTMoveit log BEFORE the reboot..

========== FILES ==========
C:\WINDOWS\Fonts\svchost.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JASONB~1\LOCALS~1\Temp\~DF336C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11012008_151656

Here's the OtMoveit AFTER the Reboot

========== FILES ==========
C:\WINDOWS\Fonts\svchost.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JASONB~1\LOCALS~1\Temp\~DF336C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11012008_151656

Files moved on Reboot...
C:\DOCUME~1\JASONB~1\LOCALS~1\Temp\~DF336C.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Here's the OTViewIt log:

OTViewIt logfile created on: 11/1/2008 3:28:23 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Jason Brisson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.98 Mb Total Physical Memory | 44.43 Mb Available Physical Memory | 11.60% Memory free
921.35 Mb Paging File | 635.92 Mb Available in Paging File | 69.02% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.25 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OUTLAW
Current User Name: Jason Brisson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2003/12/07 21:17:00 | 00,393,216 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/06/09 20:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/07/07 19:29:00 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2004/07/07 19:29:06 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/06/09 20:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2003/12/07 21:17:00 | 00,393,216 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2004/08/05 17:23:10 | 00,308,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/13 17:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2003/10/07 20:40:00 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2008/08/13 17:36:33 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2003/10/07 20:40:00 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
[2004/08/31 09:49:08 | 03,043,328 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/01 15:26:58 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Brisson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2003/12/07 21:17:00 | 00,393,216 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/06/09 20:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/06/09 20:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/06/09 20:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (cmdService [Auto | Stopped])
[2004/07/07 19:29:00 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/08/13 17:26:14 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/07/07 19:29:10 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/06/11 18:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2004/07/07 19:29:06 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2004/08/05 17:23:10 | 00,308,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
[2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[2003/10/07 20:42:00 | 00,100,256 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2003/10/30 06:40:56 | 01,205,324 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2003/10/07 20:40:00 | 00,094,601 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2003/12/07 21:17:00 | 00,621,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/12/04 05:29:58 | 00,286,848 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2003/12/07 21:17:00 | 00,013,174 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp [Boot | Running])
[2003/07/17 01:19:56 | 00,066,992 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2003/07/17 01:19:56 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/07/18 18:22:06 | 00,259,328 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 00:13:20 | 00,027,164 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3 [On_Demand | Stopped])
[2003/12/17 23:02:00 | 00,008,448 | ---- | M] (Texas Instruments Inc.) -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper [Boot | Running])
[2003/07/18 18:25:16 | 00,021,993 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2003/03/02 17:44:26 | 00,007,552 | ---- | M] () -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl [Auto | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/07/18 18:25:14 | 00,022,745 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2006/10/11 01:00:00 | 00,079,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061011.018\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2006/10/11 01:00:00 | 00,831,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061011.018\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/04/13 11:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2008/10/31 14:54:12 | 00,086,144 | ---- | M] () -- C:\WINDOWS\system32\drivers\ntmtlfaxx.sys -- (ntmtlfaxx [System | Running])
[2003/06/17 03:39:00 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2003/03/30 19:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/07/18 18:25:10 | 00,118,409 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2004/09/23 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2003/10/23 08:11:00 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2004/02/09 15:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 15:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/07/25 10:04:08 | 00,048,640 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
[2003/09/10 15:34:36 | 00,592,000 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2004/03/04 23:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/06/11 18:28:08 | 00,016,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2004/06/11 18:28:10 | 00,263,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2003/04/19 00:32:04 | 00,004,736 | ---- | M] () -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl [Auto | Running])
[2003/12/17 23:02:00 | 00,042,092 | ---- | M] (Texas Instruments Inc.) -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl [On_Demand | Stopped])
[2003/07/18 18:22:06 | 00,213,120 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/04/13 11:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_Url"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_Url"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_Url"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_Url"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (22453 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.enliven.com
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
673 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{185ed4c6-886a-4e0f-89dd-b5d4ab7d3e9b} (HKLM) -- C:\WINDOWS\system32\detocq.dll ()
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (HKLM) -- C:\Program Files\SpywareGuard\dlprotect.dll ()
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{549B5CA7-4A86-11D7-A4DF-000874180BB3} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{A2954EE3-33BC-4870-93C1-D29225CA1D88} (HKLM) -- C:\WINDOWS\system32\byXNfFyw.dll ()
{A7327C09-B521-4EDB-8509-7D2660C9EC98} (HKLM) -- C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll (Viewpoint Corporation)
{C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB} (HKLM) -- C:\WINDOWS\system32\nnnmkLff.dll (Microsoft Corporation)
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F8AD5AA5-D966-4667-9DAF-2561D68B2012}" (HKLM) -- C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll (Viewpoint Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"Host Process"=C:\WINDOWS\Fonts\svchost.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 (Webroot Software, Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 (Webroot Software, Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Viewpoint Search: C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll [2005/11/21 15:57:23 | 01,345,160 | ---- | M] (Viewpoint Corporation)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Viewpoint Search: C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll [2005/11/21 15:57:23 | 01,345,160 | ---- | M] (Viewpoint Corporation)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Button: Messenger -- %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [2004/11/24 11:33:48 | 00,320,656 | ---- | M] (Yahoo! Inc.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [2004/11/24 11:33:48 | 00,320,656 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> [2004/11/24 11:33:48 | 00,320,656 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> [2004/11/24 11:33:48 | 00,320,656 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{31435657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{DA85C1B3-FBFB-4E65-AC1E-A81A90615812} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{DF361B74-3B19-4E45-859D-725C52BA7DAE} (Servers: | Description: Broadcom 54g MaxPerformance 802.11g)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=xfhrbz.dll detocq.dll
>[2008/10/31 15:02:14 | 00,113,664 | ---- | M] () -- C:\WINDOWS\system32\xfhrbz.dll
>[2008/10/31 19:23:03 | 00,113,664 | ---- | M] () -- C:\WINDOWS\system32\detocq.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll ()
NavLogon: "DllName" = C:\WINDOWS\System32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
nnnmkLff: "DllName" = nnnmkLff.dll -- C:\WINDOWS\system32\nnnmkLff.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" (HKLM) -- C:\Program Files\SpywareGuard\spywareguard.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C81E7A5C-42C9-4D0C-B1F9-5458899DEFFB}" (HKLM) -- C:\WINDOWS\system32\nnnmkLff.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\byXNfFyw,
>[2008/10/31 14:58:30 | 00,282,112 | ---- | M] () -- C:\WINDOWS\system32\byXNfFyw.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09372839-1e4e-11dd-82a6-00023f6f2f5d}\Shell\Explore\command]
""=C:\WINDOWS\explorer.exe -- [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09372839-1e4e-11dd-82a6-00023f6f2f5d}\Shell\Launch\command]
""=F:\portablevaultaes.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\Launch.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/11/01 15:26:56 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Brisson\Desktop\OTViewIt.exe
[2008/11/01 15:16:56 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/01 15:13:48 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Brisson\Desktop\OTMoveIt3.exe
[2008/11/01 15:10:50 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\yayaWOFy.dll
[2008/11/01 15:10:50 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qoMghfDU.dll
[2008/10/31 22:43:19 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jason Brisson\Desktop\HijackThis.lnk
[2008/10/31 22:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/31 22:41:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Brisson\Desktop\HJTInstall.exe
[2008/10/31 19:26:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\wmrapnfp.dll
[2008/10/31 19:23:03 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\detocq.dll
[2008/10/31 19:23:01 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\yshdobyp.dll
[2008/10/31 19:20:05 | 01,489,890 | -HS- | C] () -- C:\WINDOWS\System32\xnyisexu.ini
[2008/10/31 19:20:01 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\uxesiynx.dll
[2008/10/31 18:15:10 | 00,912,100 | -HS- | C] () -- C:\WINDOWS\System32\wyFfNXyb.ini2
[2008/10/31 18:15:03 | 00,912,100 | -HS- | C] () -- C:\WINDOWS\System32\wyFfNXyb.ini
[2008/10/31 18:09:07 | 00,000,275 | ---- | C] () -- C:\Documents and Settings\Jason Brisson\Desktop\Shortcut to VundoFix.exe.lnk
[2008/10/31 15:41:07 | 00,001,261 | ---- | C] () -- C:\Documents and Settings\Jason Brisson\Desktop\1225492809956-integrated.jnlp
[2008/10/31 15:04:54 | 01,489,890 | -HS- | C] () -- C:\WINDOWS\System32\tubvdnbo.ini
[2008/10/31 15:04:38 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\obndvbut.dll
[2008/10/31 15:02:14 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\xfhrbz.dll
[2008/10/31 15:02:13 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onanordj.dll
[2008/10/31 14:58:24 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\byXNfFyw.dll
[2008/10/31 14:57:03 | 00,147,456 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2008/10/31 14:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason Brisson\Application Data\Facegame
[2008/10/31 14:54:30 | 00,000,000 | -HSD | C] -- C:\WINDOWS\SmFzb24gQnJpc3Nvbg
[2008/10/31 14:54:26 | 00,079,080 | ---- | C] () -- C:\WINDOWS\System32\vrbiorntdbjfim.exe
[2008/10/31 14:54:14 | 00,167,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2008/10/31 14:54:12 | 00,086,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfaxx.sys
[2008/10/31 14:54:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\im
[2008/10/31 14:54:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CPX
[2008/10/31 14:54:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\vb
[2008/10/31 14:53:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\BOT2
[2008/10/31 14:53:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QI02
[2008/10/31 14:53:47 | 00,000,000 | ---D | C] -- C:\Temp
[2008/10/31 14:53:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\opnmNFUO.dll
[2008/10/31 14:53:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nnnmkLff.dll
[2008/10/30 11:07:35 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\Jason Brisson\Desktop\PDG Gold.lnk
[2008/10/30 11:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason Brisson\Application Data\PDG Studyware
[2008/10/30 11:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\PDG Studyware
[2008/10/23 12:27:48 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 23:40:42 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 23:39:51 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 23:39:49 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 23:39:48 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 23:39:46 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 23:39:45 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/10 19:57:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2008/10/03 08:00:10 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\uvgnkojfcswlmdbbe.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/11/01 15:29:13 | 00,912,100 | -HS- | M] () -- C:\WINDOWS\System32\wyFfNXyb.ini
[2008/11/01 15:28:50 | 00,912,100 | -HS- | M] () -- C:\WINDOWS\System32\wyFfNXyb.ini2
[2008/11/01 15:26:58 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Brisson\Desktop\OTViewIt.exe
[2008/11/01 15:24:04 | 00,000,428 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2008/11/01 15:23:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/01 15:22:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/01 15:21:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/01 15:21:51 | 40,165,7856 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/01 15:13:51 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Brisson\Desktop\OTMoveIt3.exe
[2008/11/01 15:10:50 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\yayaWOFy.dll
[2008/11/01 15:10:50 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qoMghfDU.dll
[2008/10/31 23:28:24 | 00,383,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/31 23:28:24 | 00,053,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/31 23:28:23 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/31 22:43:19 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jason Brisson\Desktop\HijackThis.lnk
[2008/10/31 22:41:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jason Brisson\Desktop\HJTInstall.exe
[2008/10/31 22:37:10 | 00,000,581 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/31 22:37:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/31 22:37:10 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/31 19:26:02 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\wmrapnfp.dll
[2008/10/31 19:23:03 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\yshdobyp.dll
[2008/10/31 19:23:03 | 00,113,664 | ---- | M] () -- C:\WINDOWS\System32\detocq.dll
[2008/10/31 19:20:16 | 01,489,890 | -HS- | M] () -- C:\WINDOWS\System32\xnyisexu.ini
[2008/10/31 19:20:02 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\uxesiynx.dll
[2008/10/31 18:09:07 | 00,000,275 | ---- | M] () -- C:\Documents and Settings\Jason Brisson\Desktop\Shortcut to VundoFix.exe.lnk
[2008/10/31 15:41:19 | 00,001,261 | ---- | M] () -- C:\Documents and Settings\Jason Brisson\Desktop\1225492809956-integrated.jnlp
[2008/10/31 15:05:37 | 01,489,890 | -HS- | M] () -- C:\WINDOWS\System32\tubvdnbo.ini
[2008/10/31 15:04:41 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\obndvbut.dll
[2008/10/31 15:02:14 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\onanordj.dll
[2008/10/31 15:02:14 | 00,113,664 | ---- | M] () -- C:\WINDOWS\System32\xfhrbz.dll
[2008/10/31 14:58:30 | 00,282,112 | ---- | M] () -- C:\WINDOWS\System32\byXNfFyw.dll
[2008/10/31 14:57:03 | 00,147,456 | ---- | M] (Info-ZIP) -- C:\WINDOWS\System32\vbzip10.dll
[2008/10/31 14:54:26 | 00,079,080 | ---- | M] () -- C:\WINDOWS\System32\vrbiorntdbjfim.exe
[2008/10/31 14:54:14 | 00,167,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2008/10/31 14:54:12 | 00,086,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntmtlfaxx.sys
[2008/10/31 14:53:12 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\opnmNFUO.dll
[2008/10/31 14:53:12 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nnnmkLff.dll
[2008/10/30 11:07:35 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\Jason Brisson\Desktop\PDG Gold.lnk
[2008/10/29 08:25:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/23 21:57:03 | 00,185,856 | ---- | M] () -- C:\Documents and Settings\Jason Brisson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 17:23:10 | 00,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 17:15:43 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/03 08:00:10 | 00,156,672 | ---- | M] () -- C:\WINDOWS\System32\uvgnkojfcswlmdbbe.dll
< End of report >


And the Extras log finally:

OTViewIt Extras logfile created on: 11/1/2008 3:28:23 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Jason Brisson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.98 Mb Total Physical Memory | 44.43 Mb Available Physical Memory | 11.60% Memory free
921.35 Mb Paging File | 635.92 Mb Available in Paging File | 69.02% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.25 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OUTLAW
Current User Name: Jason Brisson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 22:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
File not found -- C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger
[2002/10/11 15:08:34 | 06,402,084 | ---- | M] () -- C:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1526D87C-A955-4FAB-BF18-697BA457E352}"=Norton WMI Update
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}"=Microsoft Money 2004
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}"=InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{45B6180B-DCAB-4093-8EE8-6164457517F0}"=Photosmart 140,240,7200,7600,7700,7900 Series
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}"=Easy CD & DVD Creator 6
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}"=Quicken 2004
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1"=Spy Sweeper
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}"=HP Photo and Imaging 2.0 - Photosmart Cameras
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}"=Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}"=HP Software Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}"=PSShortcutsP
"{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus
"{882F2BCD-C6A3-4D91-8A09-B2B34CB7E481}"=muvee autoProducer DVD Edition - HPH
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8C64E145-54BA-11D6-91B1-00500462BE80}"=Microsoft Money 2004 System Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{924EAD66-F854-4605-8493-696DD59A113B}"=RollerCoaster Tycoon Deluxe
"{97355297-21C8-40CD-96D3-48E58037A9B8}"=TI1620/1520
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}"=Adobe Reader 6.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}"=Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}"=PL-2303 USB-to-Serial
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F419D20A-7719-4639-8E30-C073A040D878}"=HP Deskjet Preloaded Printer Drivers
"4U AVI MPEG Converter_is1"=4U AVI MPEG Converter (version 5.3.8)
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Agere Systems Soft Modem"=Agere Systems AC'97 Modem
"ATI Display Driver"=ATI Display Driver
"C-Com WP XFI"=C-Com WP XFI
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}"=iPod for Windows 2005-09-06
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}"=Quicken 2004
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}"=PCI 1620 Cardbus Controller and Software
"InterActual Player"=InterActual Player
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSD GraphView 3.18"=MSD GraphView 3.18
"MSN Music Assistant"=MSN Music Assistant
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Poker Superstars"=Poker Superstars
"PokerStars"=PokerStars
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.3
"SpywareBlaster_is1"=SpywareBlaster v3.5.1
"SpywareGuard_is1"=SpywareGuard v2.2
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"ViewpointSearchBarV35"=Viewpoint Toolbar V35 (Remove Only)
"vrbiorntdbjfim"=RON Tool Innbanner
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Messenger Explorer Bar"=Yahoo! Messenger Explorer Bar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDG Gold 4.0"=PDG Gold 4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1892975613-2020960558-1848546823-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDG Gold 4.0"=PDG Gold 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2008 12:40:33 AM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 4:51:21 AM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2008 12:26:06 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application CComWP.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/19/2008 5:55:17 PM | Computer Name = OUTLAW | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module explorer.exe, version 6.0.2900.5512, fault address 0x00011900.

Error - 10/23/2008 3:30:38 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2008 7:44:26 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 6:28:54 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application QI022328.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 7:31:51 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2008 7:31:51 PM | Computer Name = OUTLAW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2008 1:45:30 AM | Computer Name = OUTLAW | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
byxnffyw.dll, version 1.2.626.1, fault address 0x000627a3.

[ System Events ]
Error - 10/31/2008 7:00:38 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/31/2008 7:00:38 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/31/2008 7:22:33 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 10/31/2008 8:49:51 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7034
Description = The Network Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/31/2008 8:54:07 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7034
Description = The Command Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/31/2008 9:13:40 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 10/31/2008 9:47:13 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/1/2008 2:23:55 AM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/1/2008 6:07:41 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/1/2008 6:22:42 PM | Computer Name = OUTLAW | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 02 November 2008 - 10:26 AM

That first step was primarily just to gain some more stability for you so it will be a little easier to remove the rest of it. And there's quite a bit going on there in your log.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.
    If ComboFix won't run, rename combofix.exe to cf.exe

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 16 November 2008 - 06:42 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.


========================================================



