
Popups / Slow Internet


  • This topic is locked
34 replies to this topic

#1 dog54321

  • Members
  • 77 posts

Posted 02 November 2008 - 03:07 AM

Hi.

I have popups, and recently I got this virus. I forgot what it is called, but I was playing this game. I had 200 ping and now 280, and I've been lagging a lot. The virus description said "Makes computer slow and internet slow" and I have been experiencing that. Here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:28 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Warcraft III\WindowTools.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\1\Desktop\Khoi Folder\Fixing Virus\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {42C9D36C-B3CA-4C6D-93CE-3BBD120891C8} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {980AD9CF-5B53-4643-BAD8-2C33440E76AA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [book knob dvd plus] C:\Documents and Settings\All Users\Application Data\keep build book knob\Debug skip.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9caf2552e25d4e5e922457707c766ed8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9caf2552e25d4e5e922457707c766ed8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.facebook.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABAF1A6-54CF-4D0C-BC30-FBBB51080CCF}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: urqNDUmL - urqNDUmL.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 13233 bytes


Thanks :thumbsup:

#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Location:Redmond, Washington

Posted 08 November 2008 - 06:20 PM

Hello, dog54321.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left-hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 dog54321

  • Topic Starter
  • Members
  • 77 posts

Posted 08 November 2008 - 11:24 PM

Hi Billy or Bill :),

Thanks for helping me. I finished the OTViewIt scan and here are the results.

OTViewIt.txt

OTViewIt logfile created on: 11/9/2008 2:47:29 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 362.36 Mb Available Physical Memory | 35.70% Memory free
2.39 Gb Paging File | 1.52 Gb Available in Paging File | 63.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 159.44 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1-8927C7F107494
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/18 11:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
[2007/10/18 11:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
[2008/06/24 20:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
[2007/10/18 11:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/11/07 14:01:21 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2007/12/17 12:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
[2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
[2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/08/01 14:18:19 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/11/07 14:01:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2006/08/01 21:40:18 | 16,049,664 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2006/03/23 14:43:40 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/03/23 14:47:50 | 00,118,784 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/09/25 01:11:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[2007/11/07 14:01:22 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[2005/11/30 12:51:29 | 02,919,831 | ---- | M] (OptusNet) -- C:\Program Files\OptusNet DSL Internet\DSC.exe
[2008/01/11 07:10:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/08/01 14:18:19 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
[2008/06/14 16:14:18 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
[2006/12/23 19:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/09/02 16:13:11 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/08/16 23:25:12 | 00,214,280 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2006/05/17 16:05:52 | 02,297,856 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
[2008/08/23 16:26:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2006/12/23 19:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2007/11/07 13:53:13 | 00,218,376 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
[2007/11/07 13:53:13 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
[2006/12/23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2006/03/23 14:43:30 | 00,163,840 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2007/09/25 01:11:35 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
[2008/08/23 16:26:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 11:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/06/27 10:31:35 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- c:\Program Files\Warcraft III\war3.exe
[2008/02/10 03:46:18 | 00,023,552 | ---- | M] () -- C:\Program Files\Warcraft III\WindowTools.exe
[2008/08/23 16:26:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/09 14:45:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/04/13 04:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/08/16 23:25:12 | 00,214,280 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2007/11/07 14:01:21 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
[2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/16 13:52:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/12/17 12:13:18 | 00,523,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2007/09/02 15:28:17 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/02/19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2007/01/04 12:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
[2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/12/23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/07 13:53:13 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Running])
[2005/08/03 07:48:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2006/06/05 14:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2007/10/18 11:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Running])
[2007/10/18 11:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Running])
[2007/10/18 11:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Running])
[2008/06/24 20:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/11/07 14:01:22 | 00,243,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/01/09 15:42:06 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/03/27 04:00:48 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
[2005/11/30 12:51:29 | 00,028,857 | ---- | M] (Siemens Subscriber Networks, Inc.) -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB [On_Demand | Stopped])
[2007/10/17 14:53:16 | 00,043,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr.sys -- (fssfltr [Auto | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/14 03:06:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/03/23 15:17:06 | 01,166,972 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2006/08/01 21:37:02 | 04,356,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/06/24 20:08:36 | 00,063,504 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent [System | Running])
[2008/06/24 20:08:42 | 00,134,648 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF [Auto | Running])
[2008/06/24 20:08:42 | 00,088,816 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg [On_Demand | Running])
[2008/06/24 20:08:46 | 00,045,584 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile [System | Running])
[2008/06/24 20:08:52 | 00,115,216 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw [System | Running])
[2008/06/24 20:08:56 | 00,066,576 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx [Auto | Running])
[2008/06/24 20:08:58 | 00,093,712 | ---- | M] (CA) -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart [Boot | Running])
[2004/08/13 13:26:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/04/14 05:23:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2006/05/29 09:26:38 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2006/05/29 09:26:36 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
[2005/08/03 07:40:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2006/02/28 22:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/03/27 17:53:28 | 00,167,808 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB [On_Demand | Running])
[2006/11/10 19:23:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 19:23:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 19:23:50 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 19:23:54 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 19:23:56 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 19:23:58 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 19:24:06 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 20:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/01/15 02:44:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2004/10/28 21:17:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2008/10/24 18:28:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/01/15 02:39:58 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2007/11/07 14:01:22 | 00,026,640 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2007/11/07 14:01:22 | 00,021,392 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/06/05 08:20:53 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/06/05 08:20:53 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2007/11/07 14:01:22 | 00,021,648 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2007/11/07 14:01:22 | 00,032,528 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2005/05/06 10:57:00 | 00,232,064 | R--- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=
"SearchMigratedDefaultURL"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (692 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{42C9D36C-B3CA-4C6D-93CE-3BBD120891C8} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (HKLM) -- C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{980AD9CF-5B53-4643-BAD8-2C33440E76AA} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"book knob dvd plus"=C:\Documents and Settings\All Users\Application Data\keep build book knob\Debug skip.exe ()
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl (CA, Inc.)
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
"Desktop Service Centre"=C:\Program Files\OptusNet DSL Internet\DSC.exe (OptusNet)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2006/05/17 16:05:52 | 02,297,856 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=0

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com)
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Open in new background tab: C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)
Open in new foreground tab: C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui [2007/10/19 12:12:40 | 00,095,232 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> [2007/09/25 01:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
facebook.com\www: * in My Computer
106 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
facebook.com\www: * in My Computer
106 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{2931566C-B8A6-46C5-BF4D-E6AB9251E953}: http://s.nx.com/activex/public_new/nxpm.cab -- Nexon Package Manager Control
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab -- Windows Live Safety Center Base Module
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}: http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab -- WScanCtl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab -- DownloadManager Control

========== (O17) DNS Name Servers ==========

{060FCA6F-3918-4088-974F-CA2DD9A5DF96} (Servers: | Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter)
{1ABAF1A6-54CF-4D0C-BC30-FBBB51080CCF} (Servers: 208.67.222.222,208.67.220.220 | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{57CB4B47-81E1-43DD-8C1F-6BB055C93D81} (Servers: | Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter)
{5DBF207D-000E-477D-B8BB-745DB12E6F89} (Servers: | Description: )
{7F150D2C-5430-498D-862C-190EC631A9DA} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))
{F2400BBC-894B-45B3-B726-D52F4DA4DB5A} (Servers: | Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter)
{F283677F-9E01-4E27-A614-5A9C4BCC9604} (Servers: | Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
PFW: "DllName" = UmxWnp.Dll -- C:\WINDOWS\system32\UmxWNP.dll (CA)
urqNDUmL: "DllName" = urqNDUmL.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}" (HKLM) -- C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E60A0B68-353A-81DD-ED09-2A8101A1DFB1}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\hgGaxxWP,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/08/30 16:26:13 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}\Shell\Auto\command]
""=auto.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 10:42:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}\Shell\Auto\command]
""=auto.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 10:42:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba84211f-ced9-11dc-8ec6-001e2a20466c}\Shell\AutoRun\command]
""=F:\retry.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/11/09 14:45:54 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTViewIt.exe
[2008/11/08 11:51:03 | 00,326,144 | ---- | C] () -- C:\Documents and Settings\1\My Documents\Haematology prac exam.doc
[2008/11/08 11:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2008/11/01 15:00:48 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Primary Glomerular Disease.doc
[2008/11/01 10:32:06 | 00,000,268 | -H-- | C] () -- C:\WINDOWS\tasks\AD887244918BEF88.job
[2008/11/01 10:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Flap Dart Dale
[2008/10/24 18:30:58 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/24 15:21:51 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/16 14:44:26 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/16 14:43:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/16 14:43:53 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/16 14:43:53 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/16 14:43:52 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/16 14:43:51 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/16 09:58:06 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\1\Desktop\LimeWire 4.18.8.lnk
[2008/10/16 09:57:25 | 04,900,376 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\All Users\Documents\LimeWireWin.exe
[2008/10/15 22:09:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/15 22:09:11 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/10/15 07:50:17 | 00,000,000 | ---D | C] -- C:\Program Files\rhcefpj0erc3
[2008/10/14 21:16:36 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\1\My Documents\Type II hypersensitivity.doc

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/11/09 14:45:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTViewIt.exe
[2008/11/09 14:42:11 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\1\My Documents\My Sharing Folders.lnk
[2008/11/09 14:29:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/11/09 14:00:00 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\AD887244918BEF88.job
[2008/11/09 11:52:59 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\1\Desktop\Microsoft Office Word 2003.lnk
[2008/11/09 08:36:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/09 08:36:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/09 01:07:20 | 00,255,450 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2008/11/09 01:07:20 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2008/11/08 23:46:05 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/08 18:27:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/08 18:00:00 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2008/11/08 15:10:21 | 02,112,260 | -H-- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\IconCache.db
[2008/11/08 14:48:53 | 00,326,144 | ---- | M] () -- C:\Documents and Settings\1\My Documents\Haematology prac exam.doc
[2008/11/08 11:19:54 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\1\Desktop\LimeWire 4.18.8.lnk
[2008/11/05 15:50:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/04 19:25:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
[2008/11/04 10:59:19 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/01 15:00:49 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Primary Glomerular Disease.doc
[2008/10/24 18:28:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/24 15:24:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/17 07:11:17 | 01,527,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/10/16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/10/16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/10/16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/10/16 09:57:26 | 04,900,376 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\All Users\Documents\LimeWireWin.exe
[2008/10/16 03:04:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/16 03:04:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/14 21:32:23 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\1\My Documents\Type II hypersensitivity.doc
< End of report >

Extras.Txt

OTViewIt Extras logfile created on: 11/9/2008 2:47:29 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.11 Mb Total Physical Memory | 362.36 Mb Available Physical Memory | 35.70% Memory free
2.39 Gb Paging File | 1.52 Gb Available in Paging File | 63.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 159.44 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1-8927C7F107494
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 10:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/02/07 17:14:56 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2008/06/27 10:31:35 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/10/07 13:08:50 | 03,211,776 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
[2007/02/08 19:19:42 | 04,526,144 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound
[2008/04/12 11:31:29 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\SteamApps\xfourkingsx\counter-strike source\hl2.exe:*:Enabled:hl2
[2008/02/19 13:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/09/19 05:20:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory
File not found -- C:\Documents and Settings\1\Desktop\OdinMs\OdinMS.exe:*:Enabled:MapleStory
File not found -- C:\Documents and Settings\1\Desktop\OdinMs\MapleStory.exe:*:Enabled:MapleStory
[2006/04/11 09:03:44 | 00,163,840 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
[2008/04/14 05:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/09 18:08:42 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
File not found -- C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
[2008/04/14 10:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
[2005/08/03 07:48:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon
File not found -- C:\Documents and Settings\1\Application Data\U3\0000181B3C6002DD\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype
[2008/04/14 10:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2000/12/11 07:03:44 | 00,659,456 | ---- | M] (Frontcode Technologies) -- C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
File not found -- C:\Program Files\Techland\Xpand Rally\xpandrally.exe:*:Enabled:XpandRally
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 14:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 16:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 23:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}"=Nokia PC Connectivity Solution
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}"=Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}"=Tabbed Browsing (Windows Live Toolbar)
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}"=Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6F4494CA-0B4B-4580-85CE-5005F36A2605}"=AntispywareBot
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}"=Garena
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}"=Nokia Connectivity Cable Driver
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}"=LightScribe 1.4.136.1
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B28B351F-1232-46EA-85EF-B8EA91641033}"=Nero 7 Essentials
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}"=Sony Ericsson PC Suite
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}"=Pivot Stickfigure Animator
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}"=LG GSM PC Components
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}"=NETGEAR WG111v2 wireless USB 2.0 adapter
"{E1B34BF3-6333-47DC-AD85-D89A95829478}"=Nokia PC Suite
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EDA0FFC5-7964-4E2F-9014-693F04695933}"=BA Installer
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Beneton Movie GIF_is1"=Beneton Movie GIF 1.1.2
"BitComet"=BitComet 0.84
"C988931A08278BCA99C447BBDEEA229CC8656E50"=Windows Driver Package - Nokia Modem (07/24/2006 6.81.0.23)
"EfntSSDSL"=Siemens Subscriber Networks SpeedStream DSL
"eTrust Suite Personal"=CA Internet Security Suite
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}"=NETGEAR WG111v2 wireless USB 2.0 adapter
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 2.01
"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec
"LimeWire"=LimeWire 4.18.8
"Messenger Plus! Live"=Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MS-MPEG4"=Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OptusNet DSL"=OptusNet DSL
"RealPlayer 6.0"=RealPlayer
"rhcefpj0erc3"=AntivirXP08
"VLC media player"=VideoLAN VLC media player 0.8.6c
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinMX180"=WinMX
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid"=XviD MPEG-4 Video Codec
"XviD_is1"=XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2008 5:40:23 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/24/2008 5:40:33 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB957257): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/24/2008 5:40:41 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/24/2008 7:02:50 PM | Computer Name = 1-8927C7F107494 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x002f8e23.

Error - 10/25/2008 12:19:37 AM | Computer Name = 1-8927C7F107494 | Source = Application Error | ID = 1000
Description = Faulting application cctray.exe, version 3.2.1.18, faulting module
ccdynamiccontent.dll, version 3.2.1.18, fault address 0x00014c11.

Error - 10/25/2008 7:20:46 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/25/2008 7:21:30 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB957257): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/25/2008 7:21:55 PM | Computer Name = 1-8927C7F107494 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 10/26/2008 12:30:20 AM | Computer Name = 1-8927C7F107494 | Source = UmxAgent | ID = 108
Description = Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error
0x2.

[ System Events ]
Error - 11/7/2008 4:31:01 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 11/7/2008 4:31:21 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB957257).

Error - 11/7/2008 4:32:47 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 2.

Error - 11/7/2008 4:33:42 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 11/8/2008 9:06:52 AM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 11/8/2008 6:06:38 PM | Computer Name = 1-8927C7F107494 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 11/8/2008 6:09:44 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).

Error - 11/8/2008 6:10:13 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter
(KB957257).

Error - 11/8/2008 6:12:29 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Office 2003 Service Pack 2.

Error - 11/8/2008 6:14:53 PM | Computer Name = 1-8927C7F107494 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Office 2003 (KB907417).


< End of report >

For the Kaspersky online scanner it might take long, because sometimes my family cancel it or another family member wants to go on. I'll get it to you asap. :thumbsup: By the way, was the OTViewIt scanner supposed to be on 30 days?

Edited by dog54321, 08 November 2008 - 11:26 PM.


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 November 2008 - 01:52 AM

Hello, dog54321.
If it's a problem, go ahead and skip the Kaspersky scan for now. It's useful, but I already see plenty of infections in that log :thumbsup:

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 09 November 2008 - 02:22 AM

Hi Billy, I'm doing the virus scan at the moment and I'll do the ComboFix now. How do I disable CA Anti-Virus? Thanks again :thumbsup:

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 November 2008 - 11:20 AM

You should be able to double click on CA's tray icon, and disable it somewhere in the program itself.

I have not honestly used CA so I'm not quite sure exactly how to shut it off :)

Let me know if you can't figure it out and I'll install it and figure it out... :thumbsup:

Billy3

#7 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 10 November 2008 - 01:21 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 11:09:15
Records in database: 1376472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 115446
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:39:23


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\keep build book knob\amok joy.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Documents and Settings\All Users\Application Data\keep build book knob\plus atom.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Program Files\Warcraft III\WarcraftAutorefresh_FIXED.exe Infected: Trojan-Spy.Win32.Pophot.cpc 1

The selected area was scanned.

Just to let you know, I deleted the WarcraftAutorefresh_FIXED.exe just then. I haven't found out how to disable CA yet, but I'm looking on Google.

#8 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 10 November 2008 - 01:49 AM

ComboFix 08-11-09.01 - 1 2008-11-10 17:04:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.421 [GMT 10.5:30]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\rhcefpj0erc3
c:\windows\Fonts\wav.wav
c:\windows\IE4 Error Log.txt
c:\windows\search_res.txt
c:\windows\system32\apdmjswu.ini
c:\windows\system32\cqjklbor.ini
c:\windows\system32\crwlvovf.ini
c:\windows\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
c:\windows\system32\dllcache\rndll32.exe
c:\windows\system32\dllcache\tskmgr.exe
c:\windows\system32\esouwsin.ini
c:\windows\system32\fiamevku.ini
c:\windows\system32\gvyuhsxo.ini
c:\windows\system32\hjgmafaq.ini
c:\windows\system32\jejxnsoo.ini
c:\windows\system32\kopvbxmg.ini
c:\windows\system32\ldtxgdjc.ini
c:\windows\system32\lojghtfa.ini
c:\windows\system32\lvjdnbsq.ini
c:\windows\system32\naqssxkh.ini
c:\windows\system32\nnlotahe.ini
c:\windows\system32\noqudyng.ini
c:\windows\system32\nXxGMnmp.ini
c:\windows\system32\nXxGMnmp.ini2
c:\windows\system32\odhsursi.ini
c:\windows\system32\oqfqkuki.ini
c:\windows\system32\ornvqhyb.ini
c:\windows\system32\owshdnxf.ini
c:\windows\system32\rBeeNXyb.ini
c:\windows\system32\rBeeNXyb.ini2
c:\windows\system32\tubnqkvr.ini
c:\windows\system32\tyiovmrs.ini
c:\windows\system32\uatlsjil.ini
c:\windows\system32\vqftainu.ini
c:\windows\system32\vyjclukr.ini
c:\windows\system32\wllyafvj.ini
c:\windows\system32\xcfirygl.ini
c:\windows\system32\xcuxjqdn.ini
c:\windows\system32\xmgqalyl.ini
c:\windows\system32\xnsuvlaa.ini
c:\windows\system32\xnyfvxbi.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-08 11:19 . 2008-11-08 11:19 <DIR> d-------- c:\program files\LimeWire
2008-11-01 10:29 . 2008-11-01 10:29 <DIR> d-------- c:\program files\Flap Dart Dale
2008-10-24 18:30 . 2008-10-24 18:28 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-24 18:27 . 2008-10-26 17:29 <DIR> d-------- c:\documents and settings\1\.housecall6.6
2008-10-24 15:21 . 2008-10-16 03:04 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 14:44 . 2008-09-08 21:11 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 14:43 . 2008-08-14 20:41 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 14:43 . 2008-08-14 20:39 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 14:43 . 2008-08-14 20:03 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 14:43 . 2008-08-14 20:03 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 14:43 . 2008-09-15 22:42 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 22:09 . 2008-10-15 22:09 <DIR> d-------- c:\program files\NOS
2008-10-15 22:09 . 2008-10-15 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-11-10 06:39 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-11-10 06:39 256,970 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-11-09 21:21 --------- d-----w c:\program files\Warcraft III
2008-11-08 12:33 --------- d-----w c:\documents and settings\1\Application Data\LimeWire
2008-11-07 06:16 --------- d-----w c:\documents and settings\trinh\Application Data\LimeWire
2008-10-31 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\keep build book knob
2008-10-16 03:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:36 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:36 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 11:49 --------- d-----w c:\program files\Common Files\Adobe
2008-10-07 02:40 --------- d-----w c:\program files\Garena
2008-09-22 01:43 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-21 02:39 --------- d-----w c:\documents and settings\1\Application Data\U3
2008-09-19 06:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-18 22:36 --------- d-----w c:\program files\Steam
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-14 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-14 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-09-14 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-09-14 02:01 --------- d-----w c:\program files\Windows Live
2008-09-12 09:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-07-24 22:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072520080726\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-11-07 230928]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 185896]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-01-31 385024]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-01 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-01 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-01 259312]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-06-14 14088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"book knob dvd plus"="c:\documents and settings\All Users\Application Data\keep build book knob\Debug skip.exe" [2008-11-10 9826304]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 2297856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 12:12 243240 c:\program files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 13:36 229376 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-09-20 08:23 132624 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\xfourkingsx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11448:TCP"= 11448:TCP:BitComet 11448 TCP
"11448:UDP"= 11448:UDP:BitComet 11448 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-11-07 189704]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 npkycryp;npkycryp;c:\nexon\MapleStory\npkycryp.sys [ ]
S3 ROCKSTAR;ROCKSTAR;c:\documents and settings\1\Desktop\Maplestory\Dspider0 v57\ksysdrv.sys [ ]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [ ]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba84211f-ced9-11dc-8ec6-001e2a20466c}]
\Shell\AutoRun\command - F:\retry.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\AD887244918BEF88.job
- c:\docume~1\vivian\applic~1\flapda~1\rule part body.exe []

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-11-07 13:53]

2008-11-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2008-04-14 10:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{42C9D36C-B3CA-4C6D-93CE-3BBD120891C8} - (no file)
BHO-{980AD9CF-5B53-4643-BAD8-2C33440E76AA} - (no file)
Notify-urqNDUmL - urqNDUmL.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\hsco69ky.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 17:12:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> ?:\windows\system32\MLANG.dll
-> ?:\windows\system32\MLANG.dll
-> ?:\windows\system32\MLANG.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-11-10 17:17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 06:46:42

Pre-Run: 170,856,108,032 bytes free
Post-Run: 171,672,678,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

287 --- E O F --- 2008-11-09 20:32:02

While I was doing ComboFix it said I wasn't online and I couldn't download the Recovery Install. Also, when I was doing ComboFix my desktop would just go blank sometimes, and the taskbar too. Is that weird or natural?

#9 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 10 November 2008 - 02:33 AM

By the way, after ComboFix finished I deleted this virus called BangSoft, but the thing is that it said the virus location was at C:\ComboFix. Weird?? :thumbsup:

Edited by dog54321, 10 November 2008 - 02:34 AM.


#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 10 November 2008 - 05:13 PM

Hello Dog :thumbsup:

I have a question for you:
Please see the following link:
http://www.systemlookup.com/Startup/835-ar...star32_exe.html

On your system you have a similar application, called MapleStory. I would recommend removal of this program. But I don't want to nuke it unless I have your permission to do so.

Do it?

Billy3

#11 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 11 November 2008 - 01:51 AM

Ok i deleted it.

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 11 November 2008 - 02:53 PM

Hello, dog54321.
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files between them, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries of the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7965b6a2-8c12-11dc-9c46-001a9234f76c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc92e02-9b1f-11dc-9c92-0018d107cef6}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba84211f-ced9-11dc-8ec6-001e2a20466c}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "book knob dvd plus"=-
    folder::
    c:\program files\Flap Dart Dale
    c:\documents and settings\All Users\Application Data\keep build book knob
    c:\documents and settings\1\Desktop\Maplestory
    c:\nexon
    c:\docume~1\vivian\applic~1\flapda~1
    file::
    F:\retry.exe
    c:\windows\Tasks\AD887244918BEF88.job
    c:\windows\Tasks\ParetoLogic Registration.job
    driver::
    scrcap
    ROCKSTAR
    npkycryp
    rootkit::
    c:\windows\system32\DRIVERS\scrcap.sys
    c:\documents and settings\1\Desktop\Maplestory\Dspider0 v57\ksysdrv.sys
    c:\nexon\MapleStory\npkycryp.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
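The CFScript above tells ComboFix what to remove, and the log it writes afterwards is the only record of what was actually removed; a helper normally reads the two side by side to see whether anything was missed. The script below is an added example (not ComboFix's own code, nor part of this thread) that automates that comparison: it parses the `registry::`, `folder::`, `file::`, `driver::` and `rootkit::` directives and checks each target against the "Other Deletions" and "Drivers/Services" sections of the post-run log. The function names (`parse_cfscript`, `parse_log`, `verify`, `needs_followup`) are mine; both sample inputs are constructed from shortened excerpts of the thread's CFScript and second log, and the trailing "Reg Loading Points" block in the sample log is an assumed remnant, since the thread's second log is cut off before that section.

```python
# Added example: cross-check a ComboFix CFScript against the post-run log so
# every directive is confirmed as deleted/removed or flagged for follow-up.
import re
from collections import defaultdict

# Constructed sample: the thread's CFScript, shortened.
CFSCRIPT = r"""registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6571bd05-56be-11dc-a40e-f167bcc4558e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"book knob dvd plus"=-
folder::
c:\program files\Flap Dart Dale
c:\documents and settings\All Users\Application Data\keep build book knob
c:\nexon
file::
F:\retry.exe
c:\windows\Tasks\AD887244918BEF88.job
driver::
scrcap
ROCKSTAR
npkycryp
rootkit::
c:\windows\system32\DRIVERS\scrcap.sys
"""

# Constructed sample: excerpt of the post-run log, shortened; the "Reg Loading
# Points" block is assumed (the thread's second log is truncated before it).
COMBOFIX_LOG = r"""ComboFix 08-11-09.01 - 1 2008-11-12 15:59:10.2 - NTFSx86
Command switches used :: c:\documents and settings\1\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\keep build book knob
c:\program files\Flap Dart Dale
c:\windows\Tasks\AD887244918BEF88.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_ROCKSTAR
-------\Service_npkycryp
-------\Service_ROCKSTAR
-------\Service_scrcap
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "(((( Other Deletions ))))"
SERVICE_RE = re.compile(r"\\(?:Service|Legacy)_(.+)$")  # "-------\Service_scrcap"


def parse_cfscript(text):
    """Yield (kind, target, value_name); value_name is set only for "name"=- lines."""
    section, key = None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("::"):                      # directive header
            section, key = line[:-2].lower(), None
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                yield "regkey", line[2:-1], None      # whole key deleted
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                      # key context for values
            elif line.endswith("=-") and key:
                yield "regvalue", key, line[:-2].strip('"')
        elif section in ("folder", "file", "driver", "rootkit"):
            yield section, line, None


def parse_log(text):
    """Split a ComboFix log into its parenthesised sections (lower-cased names)."""
    sections, current = defaultdict(list), "header"
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
        elif line and line != ".":
            sections[current].append(line)
    return sections


def verify(cfscript, log):
    """Map each target to confirmed / unconfirmed / still_present / not_listed."""
    sections = parse_log(log)
    deleted = {p.lower() for p in sections["other deletions"]}
    removed = {m.group(1).lower() for m in map(SERVICE_RE.search, sections["drivers/services"]) if m}
    log_lower, results = log.lower(), {}
    for kind, target, name in parse_cfscript(cfscript):
        if kind == "driver":
            status = "confirmed" if target.lower() in removed else "unconfirmed"
        elif kind in ("folder", "file", "rootkit"):
            status = "confirmed" if target.lower() in deleted else "unconfirmed"
        else:
            # ComboFix does not echo registry deletions; the key or value being
            # absent from the post-run loading points is the best evidence here.
            probe = target.lower() if kind == "regkey" else f'"{name.lower()}"='
            status = "still_present" if probe in log_lower else "not_listed"
        results[(kind, target, name)] = status
    return results


def needs_followup(results):
    """Targets the helper should chase: not deleted, or still loading at boot."""
    return sorted((t for t, s in results.items() if s in ("unconfirmed", "still_present")),
                  key=lambda t: (t[0], t[1], t[2] or ""))


if __name__ == "__main__":
    for (kind, target, name), status in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status:13} {kind:9} {target}" + (f" -> {name}" if name else ""))
```

Run against the samples, the two folders and the scheduled-task file come back confirmed, all three drivers are confirmed via the `Service_` lines, and `c:\nexon`, `F:\retry.exe` and `scrcap.sys` are reported as unconfirmed (in the thread, the user had already deleted the MapleStory material by hand, and F: is a removable drive that was not present). Registry targets get `not_listed` rather than `confirmed`, because ComboFix's log never states that a key was deleted; `still_present` would mean the entry still shows under "Reg Loading Points" and the script did not take.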

#13 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 11 November 2008 - 04:26 PM

So I must stop using LimeWire (my sister used it). I'll get the ComboFix log to you asap, I've got school now. :thumbsup:

#14 dog54321

dog54321
  • Topic Starter

  • Members
  • 77 posts

Posted 12 November 2008 - 12:42 AM

Here is the new ComboFix log:

ComboFix 08-11-09.01 - 1 2008-11-12 15:59:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447 [GMT 10.5:30]
Running from: c:\documents and settings\1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\1\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\Tasks\AD887244918BEF88.job
c:\windows\Tasks\ParetoLogic Registration.job
F:\retry.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\keep build book knob
c:\documents and settings\All Users\Application Data\keep build book knob\amok joy.exe
c:\documents and settings\All Users\Application Data\keep build book knob\Debug skip.exe
c:\documents and settings\All Users\Application Data\keep build book knob\plus atom.exe
c:\program files\Flap Dart Dale
c:\windows\Tasks\AD887244918BEF88.job
c:\windows\Tasks\ParetoLogic Registration.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_ROCKSTAR
-------\Service_NPF
-------\Service_npkycryp
-------\Service_ROCKSTAR
-------\Service_scrcap


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-08 11:19 . 2008-11-08 11:19 <DIR> d-------- c:\program files\LimeWire
2008-10-24 18:30 . 2008-10-24 18:28 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-24 18:27 . 2008-10-26 17:29 <DIR> d-------- c:\documents and settings\1\.housecall6.6
2008-10-24 15:21 . 2008-10-16 03:04 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 14:44 . 2008-09-08 21:11 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 14:43 . 2008-08-14 20:41 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 14:43 . 2008-08-14 20:39 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 14:43 . 2008-08-14 20:03 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 14:43 . 2008-08-14 20:03 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 14:43 . 2008-09-15 22:42 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 22:09 . 2008-10-15 22:09 <DIR> d-------- c:\program files\NOS
2008-10-15 22:09 . 2008-10-15 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-11-12 05:33 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-11-12 05:33 256,970 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-11-11 21:11 --------- d-----w c:\documents and settings\trinh\Application Data\LimeWire
2008-11-11 09:41 --------- d-----w c:\program files\Warcraft III
2008-11-08 12:33 --------- d-----w c:\documents and settings\1\Application Data\LimeWire
2008-10-16 03:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:36 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:36 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 11:49 --------- d-----w c:\program files\Common Files\Adobe
2008-10-07 02:40 --------- d-----w c:\program files\Garena
2008-09-22 01:43 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-21 02:39 --------- d-----w c:\documents and settings\1\Application Data\U3
2008-09-19 06:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-18 22:36 --------- d-----w c:\program files\Steam
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-14 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-14 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-09-14 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-09-14 02:01 --------- d-----w c:\program files\Windows Live
2008-09-12 09:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-07-24 22:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072520080726\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-11-07 230928]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 185896]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-01-31 385024]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-01 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-01 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-01 259312]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-06-14 14088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 2297856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 12:12 243240 c:\program files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 13:36 229376 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-09-20 08:23 132624 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\xfourkingsx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11448:TCP"= 11448:TCP:BitComet 11448 TCP
"11448:UDP"= 11448:UDP:BitComet 11448 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-11-07 189704]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2006-11-10 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-11-07 13:53]

2008-11-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 16:05:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-11-12 16:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 05:39:39

Pre-Run: 171,271,790,592 bytes free
Post-Run: 171,252,297,728 bytes free

223 --- E O F --- 2008-11-11 20:32:05

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 12 November 2008 - 07:34 PM

Hello, dog54321.
That looks much better. How are things running?

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select All" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3