
sorry confused. popups, search bars, shopping. need help.


  • This topic is locked
20 replies to this topic

#1 soberalison

soberalison

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 03 November 2008 - 12:35 PM

I am a graphic designer and just got hijacked by ad clicks and virus popups and toolbar searches that lead only to shopping. I need to get rid of asap to work. I posted in the wrong post first and I'm about to break down and cry. I just need some help please. Here is my hijack this log. thank you, alison
please help fast, I'm really really upset. My illustrator program has even been changed. I think I have worm. win32.autorun.nuu
thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:32 AM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\system32\svchost.exe
C:\windows\System32\alg.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ali\Local Settings\Temp\wz912f\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guru.com/login.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddkm.exe] C:\windows\system32\kddkm.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CyberScurb] "C:\PROGRA~1\CYBERS~1\silent.exe" /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pinochle - http://origin.games.yahoo.net/games/clients/y/ut2_x.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://prostores3.megawebservers.com/store...es/pssbedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26236645-CE99-480C-8124-A919ECDF33AE}: NameServer = 85.255.112.133;85.255.112.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{26236645-CE99-480C-8124-A919ECDF33AE}: NameServer = 85.255.112.133;85.255.112.196
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll djvapy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

--
End of file - 8394 bytes

Edited by soberalison, 03 November 2008 - 12:47 PM.
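As an added example (not part of this thread or of HijackThis), a small Python triage script for lines in the HijackThis log format posted above: it parses O4, O17 and O20 entries and flags a Run value that is named by its own path, NameServer addresses outside private ranges, and an AppInit DLL listed without a path. The sample lines are constructed from the kinds of entries in the posted log, and the heuristics are my own, not HijackThis's.

```python
import re
from ipaddress import ip_address

# Constructed sample in the HijackThis v2.0 log format. The lines mirror
# entries from the posted log, plus one clean O17 line for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddkm.exe] C:\windows\system32\kddkm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{26236645-CE99-480C-8124-A919ECDF33AE}: NameServer = 85.255.112.133;85.255.112.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll djvapy.dll
O1 - Hosts: ::1 localhost
"""

# Every HijackThis entry line starts with a section code (R0, O4, O17, ...)
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_entries(text):
    """Yield (kind, body) for each entry line; header and blank lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def check_o4(body):
    """O4 body: <hive>\\..\\Run: [ValueName] command."""
    m = re.match(r"(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)", body)
    if not m:
        return None
    name = m.group("name")
    # Legitimate installers register a product name as the value name;
    # a value named by its own full path is unusual and worth a closer look.
    if DRIVE_PATH_RE.match(name):
        return f"O4 Run value named by its own path: {name}"
    return None


def check_o17(body):
    """O17 body: <key>\\{GUID}: NameServer = ip;ip (IPv4 or IPv6)."""
    parts = body.split("NameServer = ", 1)
    if len(parts) != 2:
        return None
    servers = [s.strip() for s in parts[1].split(";") if s.strip()]
    suspicious = []
    for s in servers:
        try:
            if not ip_address(s).is_private:
                suspicious.append(s)  # public resolver: confirm it is the ISP's
        except ValueError:
            suspicious.append(s)      # not an IP address at all
    if suspicious:
        return ("O17 NameServer points at resolver(s) outside private ranges: "
                + ", ".join(suspicious) + "; confirm they are the expected ones")
    return None


def check_o20(body):
    """O20 body: AppInit_DLLs: path1 path2 ... (HijackThis shows 8.3 names, so
    splitting on whitespace is safe for this format)."""
    if not body.startswith("AppInit_DLLs:"):
        return None
    dlls = body[len("AppInit_DLLs:"):].split()
    # A DLL given by bare name is resolved via the loader search path and is
    # injected into every process that loads user32.dll.
    bare = [d for d in dlls if not DRIVE_PATH_RE.match(d)]
    if bare:
        return "O20 AppInit_DLLs lists DLL(s) without a path: " + ", ".join(bare)
    return None


CHECKS = {"O4": check_o4, "O17": check_o17, "O20": check_o20}


def triage(text):
    """Return the list of findings for a HijackThis log given as text."""
    findings = []
    for kind, body in parse_entries(text):
        check = CHECKS.get(kind)
        if check:
            note = check(body)
            if note:
                findings.append(note)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```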




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:16 PM

Posted 03 November 2008 - 06:07 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 soberalison

soberalison
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 03 November 2008 - 11:48 PM

hi Sam, thank you thank you.
donations will be in order.
I've downloaded OTViewIt.
here goes:


OTViewIt logfile created on: 11/3/2008 8:46:04 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.36% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 742.39 Gb Total Space | 709.57 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive D: | 684.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149.01 Gb Total Space | 57.05 Gb Free Space | 38.28% Space Free | Partition Type: FAT32

Computer Name: MAMABEAR
Current User Name: ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[2006/11/21 16:08:58 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[2008/11/03 18:13:41 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE
[2001/02/17 22:35:08 | 00,046,496 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2006/05/16 21:12:59 | 00,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
[2008/11/03 20:44:58 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\ali\Local Settings\Temp\Adobelm_Cleanup.0001
[2007/04/26 20:13:30 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
[2008/11/03 20:44:58 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\ali\Local Settings\Temp\Adobelm_Cleanup.0001
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/26 20:13:30 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 14:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 14:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/09/24 21:34:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2000/08/06 00:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 00:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 19:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 10:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 10:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 10:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service [Auto | Running])
[2000/08/06 00:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/10/28 12:39:11 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2005/06/13 16:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2005/01/08 00:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/14 11:00:36 | 00,101,760 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/10/14 11:01:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2005/10/14 11:00:26 | 00,022,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2006/12/21 20:26:48 | 04,405,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 18:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/08/23 13:54:22 | 00,042,752 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/28 06:45:20 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/04/28 09:04:35 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2007/04/04 13:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/13 01:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2001/08/10 05:00:00 | 00,034,354 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
[2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/02/17 10:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 10:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/04/24 16:52:36 | 00,082,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2007/04/27 15:44:01 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/27 22:08:30 | 00,057,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Start Page"=http://www.guru.com/login.cfm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Start Page"=http://www.guru.com/login.cfm

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (806 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 mpa.one.microsoft.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{14C46557-4FB5-4626-AA48-281E09078004} (HKLM) -- C:\WINDOWS\system32\awttsqRj.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{96E74E0B-9143-4D55-B522-35112296956A} (HKLM) -- C:\WINDOWS\system32\rqRHyyAR.dll ()
{d671ada6-4e32-4653-8b58-aa09f9db0ca8} (HKLM) -- C:\WINDOWS\system32\djvapy.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" (Kaspersky Lab)
"C:\WINDOWS\system32\kddkm.exe"=C:\windows\system32\kddkm.exe File not found
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\ali\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Anti-Banner: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm [2007/06/28 11:40:16 | 00,001,317 | ---- | M] ()
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Anti-Banner: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm [2007/06/28 11:40:16 | 00,001,317 | ---- | M] ()
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web Anti-Virus statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab -- SysData Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F73BE1F4-82AA-4405-AB81-FAFB5A122359}: http://prostores3.megawebservers.com/store...es/pssbedit.cab -- SiteBuilderEditor Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26236645-CE99-480C-8124-A919ECDF33AE} (Servers: 85.255.112.133;85.255.112.196 | Description: NVIDIA nForce Networking Controller)
{51D99EDA-3B14-4234-8424-F3B40C772BE4} (Servers: | Description: Intel® PRO/100+ Management Adapter)
{C66A795B-C264-4FC4-B0FC-7BD723C42775} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll djvapy.dll
>[2007/06/28 11:51:42 | 00,091,400 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
>[2008/11/03 03:41:34 | 00,113,152 | ---- | M] () -- C:\WINDOWS\system32\djvapy.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kddkm.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
rqRHyyAR: "DllName" = rqRHyyAR.dll -- C:\WINDOWS\system32\rqRHyyAR.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{96E74E0B-9143-4D55-B522-35112296956A}" (HKLM) -- C:\WINDOWS\system32\rqRHyyAR.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\awttsqRj,
>[2008/11/02 21:35:33 | 00,269,824 | ---- | M] () -- C:\WINDOWS\system32\awttsqRj.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf []
[2008/11/03 17:13:28 | 00,000,000 | ---- | M] () -- L:\autorun.inf -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fdd138a-d966-11db-a261-001a922d71a1}\Shell\AutoRun\command]
""=K:\setup.cmd -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2006/12/19 20:52:18 | 08,453,632 | ---- | M] (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2008/11/03 20:45:33 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 19:37:47 | 00,000,084 | -HS- | C] () -- C:\windows\klif.spi
[2008/11/03 18:30:35 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 18:29:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/03 14:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\ANTIVIRUS AVZ 4 HARDCORE
[2008/11/03 13:55:29 | 21,459,51744 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/03 11:51:21 | 00,000,000 | ---D | C] -- C:\Deckard
[2008/11/03 11:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\AdobeUM
[2008/11/03 11:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/03 11:20:33 | 00,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2008/11/03 11:11:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/03 11:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/11/03 09:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\My Documents\Updater
[2008/11/03 09:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/03 09:06:35 | 00,000,250 | ---- | C] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | C] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,085,969 | ---- | C] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | C] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 08:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Adobe
[2008/11/03 08:20:54 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/11/03 03:41:34 | 00,113,152 | ---- | C] () -- C:\windows\System32\jkybmolm.dll
[2008/11/03 03:41:34 | 00,113,152 | ---- | C] () -- C:\windows\System32\djvapy.dll
[2008/11/03 03:38:35 | 01,493,938 | -HS- | C] () -- C:\windows\System32\rbvqcmcf.ini
[2008/11/02 21:43:32 | 00,034,176 | ---- | C] () -- C:\windows\System32\tuvUlijh.dll
[2008/11/02 21:43:32 | 00,034,176 | ---- | C] () -- C:\windows\System32\qoMebbyV.dll
[2008/11/02 21:38:36 | 00,113,152 | ---- | C] () -- C:\windows\System32\zrgvzc.dll
[2008/11/02 21:38:35 | 00,113,152 | ---- | C] () -- C:\windows\System32\ujlielgf.dll
[2008/11/02 21:36:34 | 01,489,903 | -HS- | C] () -- C:\windows\System32\gjeiccwh.ini
[2008/11/02 21:35:34 | 00,925,597 | -HS- | C] () -- C:\windows\System32\jRqsttwa.ini2
[2008/11/02 21:35:34 | 00,925,597 | -HS- | C] () -- C:\windows\System32\jRqsttwa.ini
[2008/11/02 21:35:31 | 00,269,824 | ---- | C] () -- C:\windows\System32\awttsqRj.dll
[2008/11/02 21:30:26 | 00,040,960 | ---- | C] () -- C:\windows\System32\rqRHyyAR.dll
[2008/11/02 21:26:06 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/11/02 16:23:00 | 00,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/11/02 16:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Local Settings\Application Data\Mozilla
[2008/11/02 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\uTorrent
[2008/11/02 00:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\My Documents\Azureus Downloads
[2008/11/02 00:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/02 00:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Azureus
[2008/10/31 14:28:00 | 00,917,353 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/30 00:41:14 | 00,097,817 | ---- | C] () -- C:\windows\update.3470.exe
[2008/10/27 21:04:41 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:10 | 01,140,291 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 07:08:49 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 09:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\New Folder
[2008/10/08 07:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/08 07:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/06 19:19:31 | 00,000,000 | ---D | C] -- C:\windows\IPAFONTS

========== Files - Modified Within 30 Days ==========

[6 C:\windows\System32\*.tmp files]
[2008/11/03 20:46:25 | 00,925,597 | -HS- | M] () -- C:\windows\System32\jRqsttwa.ini
[2008/11/03 20:45:34 | 06,581,280 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.dat
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 20:45:15 | 10,180,5344 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.dat
[2008/11/03 20:44:40 | 00,925,597 | -HS- | M] () -- C:\windows\System32\jRqsttwa.ini2
[2008/11/03 19:44:54 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/11/03 19:44:20 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/11/03 19:44:17 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/11/03 19:44:14 | 21,459,51744 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/03 19:43:09 | 01,370,084 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.idx
[2008/11/03 19:43:09 | 00,622,196 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.idx
[2008/11/03 19:38:20 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 19:37:47 | 00,000,084 | -HS- | M] () -- C:\windows\klif.spi
[2008/11/03 18:30:36 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 17:05:55 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008/11/03 16:48:17 | 00,000,858 | ---- | M] () -- C:\windows\win.ini
[2008/11/03 16:48:17 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/11/03 13:00:13 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 09:54:11 | 00,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2008/11/03 09:06:35 | 00,000,250 | ---- | M] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | M] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | M] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 07:53:39 | 00,500,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/11/03 07:53:39 | 00,421,358 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/11/03 07:53:39 | 00,070,474 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/11/03 07:52:17 | 03,859,880 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/11/03 03:41:34 | 00,113,152 | ---- | M] () -- C:\windows\System32\jkybmolm.dll
[2008/11/03 03:41:34 | 00,113,152 | ---- | M] () -- C:\windows\System32\djvapy.dll
[2008/11/03 03:38:46 | 01,493,938 | -HS- | M] () -- C:\windows\System32\rbvqcmcf.ini
[2008/11/03 03:38:36 | 00,002,262 | ---- | M] () -- C:\windows\Wininit.ini
[2008/11/02 21:43:32 | 00,034,176 | ---- | M] () -- C:\windows\System32\tuvUlijh.dll
[2008/11/02 21:43:32 | 00,034,176 | ---- | M] () -- C:\windows\System32\qoMebbyV.dll
[2008/11/02 21:38:35 | 00,113,152 | ---- | M] () -- C:\windows\System32\zrgvzc.dll
[2008/11/02 21:38:35 | 00,113,152 | ---- | M] () -- C:\windows\System32\ujlielgf.dll
[2008/11/02 21:36:44 | 01,489,903 | -HS- | M] () -- C:\windows\System32\gjeiccwh.ini
[2008/11/02 21:35:33 | 00,269,824 | ---- | M] () -- C:\windows\System32\awttsqRj.dll
[2008/11/02 21:30:26 | 00,040,960 | ---- | M] () -- C:\windows\System32\rqRHyyAR.dll
[2008/11/02 16:23:00 | 00,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2008/10/31 14:28:00 | 00,917,353 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/30 09:43:23 | 00,687,216 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/30 09:39:37 | 00,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2008/10/30 00:41:14 | 00,097,817 | ---- | M] () -- C:\windows\update.3470.exe
[2008/10/29 07:02:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/10/27 21:04:41 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:14 | 01,140,291 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 09:10:22 | 00,593,168 | ---- | M] () -- C:\windows\ATMREG.ATM
[2008/10/24 08:36:44 | 00,684,208 | ---- | M] () -- C:\Documents and Settings\ali\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/24 07:08:49 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 10:36:26 | 00,000,043 | ---- | M] () -- C:\windows\gswin32.ini
< End of report >


OTViewIt Extras logfile created on: 11/3/2008 8:46:04 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.36% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 742.39 Gb Total Space | 709.57 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive D: | 684.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149.01 Gb Total Space | 57.05 Gb Free Space | 38.28% Space Free | Partition Type: FAT32

Computer Name: MAMABEAR
Current User Name: ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/29 13:42:10 | 00,122,880 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
File not found -- C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3
File not found -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/02/08 10:08:56 | 00,072,280 | ---- | M] (Kaspersky Lab) -- C:\kav\kis\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/14 11:55:36 | 00,081,920 | ---- | M] () -- C:\Program Files\YouSendIt\Express\YouSendIt.exe:*:Enabled:YouSendIt

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/02/20 16:32:28 | 00,953,032 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/02/20 16:32:28 | 00,953,032 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/02/20 16:32:28 | 00,953,032 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 17:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0725C68F-FD3A-4476-BDA0-C002C7FE307C}"=BlackBerry Desktop Software 4.2.2
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series"=Canon iP1800 series
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}"=RemoteCapture 2.7.5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}"=YouSendIt Plug-in for Outlook
"{2236B741-6631-49AE-B76E-3E14CA01CC87}"=RemoteCapture Task
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2792F12C-3515-4D69-8083-B557AF35F06F}"=LightScribe 1.4.89.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}"=File Viewer Utility 1.3.2
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}"=HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{448D4571-7F73-2234-FD9D-0CD8A2ECDA43}"=MyFonts Order M1027786
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}"=Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}"=HP Unload DLL Patch
"{596F2287-ACD9-4E5F-978C-43A00A7A98B8}"=BlackBerry v4.2.1 for the 8800 Series Wireless Handheld
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}"=Roxio Media Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}"=Microsoft Office Converter Pack
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{71C97545-E547-4A8B-B0C8-61FF853270AC}"=PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7374C760-F6DC-11D3-B526-006097B06BE3}"=StuffIt 7.0
"{74828B74-E9CF-3DA3-F491-7BBDC4DFA501}"=MyFonts Order M860164
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{84B2CF01-194D-2284-B313-F2E0D78D1033}"=Nero 7 Demo
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E58A7F5-1866-6795-C722-850A89FD15BB}"=MyFonts Order M798108
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90260409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{90840409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{938DB54D-B302-4594-A782-32219F1734AB}"=Canon Camera WIA Driver
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F205DAD-67B7-407F-EC00-834C17B2CF2E}"=MyFonts Order M719128
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}"=Camera Window
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}"=Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BE99B4DC-754E-4D40-AFA6-AB43248231EC}"=Canon Camera WIA Driver
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}"=Canon Utilities ZoomBrowser EX
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}"=Microsoft IntelliType Pro 6.1
"{C774410D-3EF9-4DE7-AC01-332613163ECF}"=Kaspersky Internet Security 7.0
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}"=YouSendIt Express
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine
"{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}"=Canon Camera WIA Driver
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EBCB6F78-F9F8-3362-9BA0-804DCF24773F}"=MyFonts Order M791270
"{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}"=ACDSee 7.0
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}"=PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}"=RAW Image Task
"Adobe Acrobat 7.0 Professional"=Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2"=Adobe Illustrator CS2
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Adobe Type Manager Deluxe 4.1"=Adobe Type Manager Deluxe 4.1
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6"=Adobe Illustrator CS3
"AFPL Ghostscript 8.50"=AFPL Ghostscript 8.50
"AFPL Ghostscript Fonts"=AFPL Ghostscript Fonts
"ArtRage_is1"=ArtRage 2.2
"AV Bros. Page Curl Pro 2.2"=AV Bros. Page Curl Pro 2.2 (Remove Only)
"AV Bros. Puzzle Pro 2.2"=AV Bros. Puzzle Pro 2.2 (Remove Only)
"B/W Styler 1.01"=B/W Styler 1.01
"BlackBerry_{0725C68F-FD3A-4476-BDA0-C002C7FE307C}"=BlackBerry Desktop Software 4.2.2
"Blow Up"=Alien Skin Blow Up
"Canon iP1800 series User Registration"=Canon iP1800 series User Registration
"CanonMyPrinter"=Canon My Printer
"CCleaner"=CCleaner (remove only)
"CoreAAC Audio Decoder"=CoreAAC Audio Decoder (remove only)
"CyberScrub Trial Edition 3.5"=CyberScrub Trial Edition 3.5
"DangerZ Multi-Unzip_is1"=DzMultiU 1.0
"DCE Tools (Adobe Photoshop Plug-ins)_is1"=DCE Tools 1.0
"Easy-LayoutPrint"=Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Exposure"=Alien Skin Exposure
"EyeCandy5Nature"=Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures"=Alien Skin Eye Candy 5 Textures
"HijackThis"=HijackThis 2.0.2
"hp instant support"=hp instant support
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}"=Canon Utilities RemoteCapture 2.7
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}"=YouSendIt Plug-in for Outlook
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}"=Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}"=Canon Utilities File Viewer Utility 1.3
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}"=Canon PowerShot S45 WIA Driver
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}"=Canon Camera Window for ZoomBrowser EX
"InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}"=Canon PowerShot G3 WIA Driver
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}"=YouSendIt Express
"InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}"=Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}"=Canon RAW Image Task for ZoomBrowser EX
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}"=Kaspersky Internet Security 7.0
"j2 Messenger"=j2 Messenger
"KPT effects"=KPT® effects™
"KPT Vector Effects 1.5"=KPT Vector Effects 1.5
"LimeWire"=LimeWire PRO 4.12.11
"LIPSP2QFE"=Windows XP SP2 LIP update
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate1.6"=LiveUpdate 1.6 (Symantec Corporation)
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NfoDiz 6.0 Setup"=NfoDiz 6.0 Setup
"nik Sharpener Pro 2.0 Complete"=nik Sharpener Pro 2.0 Complete
"Norton Speed Disk"=Norton Speed Disk 6.0 for Windows NT
"Norton Utilities"=Norton Utilities 2002 for Windows
"NVIDIA Drivers"=NVIDIA Drivers
"OcaHistoryUpd"=OCA Client history tool install
"Path Styler Pro AI"=Shinycore Path Styler Pro 1.11 for Illustrator
"Path Styler Pro PS"=Shinycore Path Styler Pro 1.11 for Photoshop
"PhotoRecord"=Canon PhotoRecord
"PhotoWatermark Professional_is1"=PhotoWatermark Professional 7
"PicaView"=PicaView
"Printer's Apprentice"=Printer's Apprentice
"PROSet"=Intel® PRO Network Connections Drivers
"RAR Password Cracker"=RAR Password Cracker (remove only)
"SimpleOCR 3.1"=SimpleOCR 3.1
"SystemRequirementsLab"=System Requirements Lab
"THX Picture and Sound Optimizer"=THX Picture and Sound Optimizer
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"Wise Registry Cleaner_is1"=Wise Registry Cleaner 2.4
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WS_FTP Pro"=Ipswitch WS_FTP Pro
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex2"=Alien Skin Xenofex 2.0
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2008 12:02:16 PM | Computer Name = MAMABEAR | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2008 12:07:15 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application tempo-97B.tmp, version 0.0.0.0, faulting module
tempo-97B.tmp, version 0.0.0.0, fault address 0x00001179.

Error - 11/3/2008 12:25:28 PM | Computer Name = MAMABEAR | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application outlook.exe, version 10.0.2616.0, faulting module
unknown, version 0.0.0.0, fault address 0x0002028f.

Error - 11/3/2008 1:39:21 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application tempo-1D9.tmp, version 0.0.0.0, faulting module
tempo-1D9.tmp, version 0.0.0.0, fault address 0x00001179.

Error - 11/3/2008 3:39:35 PM | Computer Name = MAMABEAR | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.2627.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2008 3:46:48 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application tempo-75B.tmp, version 0.0.0.0, faulting module
tempo-75B.tmp, version 0.0.0.0, fault address 0x00001179.

Error - 11/3/2008 3:50:52 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application silent.exe, version 0.0.0.0, faulting module
silent.exe, version 0.0.0.0, fault address 0x000021e4.

Error - 11/3/2008 6:29:55 PM | Computer Name = MAMABEAR | Source = Application Hang | ID = 1002
Description = Hanging application avz.exe, version 4.28.0.66, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2008 8:36:19 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application tempo-46B.tmp, version 0.0.0.0, faulting module
tempo-46B.tmp, version 0.0.0.0, fault address 0x00001179.

Error - 11/3/2008 9:36:52 PM | Computer Name = MAMABEAR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.2945, fault address 0x0000976f.

[ System Events ]
Error - 11/3/2008 5:37:40 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/3/2008 5:44:25 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 5:44:28 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/3/2008 5:45:44 PM | Computer Name = MAMABEAR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm kl1 klif

Error - 11/3/2008 5:48:24 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 5:49:33 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 5:52:49 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 5:53:16 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/3/2008 5:54:23 PM | Computer Name = MAMABEAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/3/2008 11:55:06 PM | Computer Name = MAMABEAR | Source = Service Control Manager | ID = 7031
Description = The Kaspersky Internet Security 7.0 service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.


< End of report >
there you are! make your magic.
alison
wink, wink. :thumbsup:

#4 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 November 2008 - 10:18 AM

We are probably looking at a couple of steps to get everything cleaned up, but this is the first one.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 soberalison
  • Topic Starter
  • Members
  • 30 posts

Posted 04 November 2008 - 10:22 AM

ok,
be back in a minute.
alison

xoxoxox

#6 soberalison
  • Topic Starter
  • Members
  • 30 posts

Posted 04 November 2008 - 10:28 AM

ComboFix 08-11-03.06 - ali 2008-11-04 7:23:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1503 [GMT -8:00]
Running from: c:\documents and settings\ali\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-03 18:13 . 2008-11-03 18:13 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-03 11:51 . 2008-11-03 11:51 <DIR> d-------- C:\Deckard
2008-11-03 11:42 . 2008-11-03 11:42 <DIR> d-------- c:\documents and settings\ali\Application Data\AdobeUM
2008-11-03 11:20 . 2008-11-03 11:38 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-03 11:11 . 2008-11-03 18:30 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-03 11:11 . 2008-11-03 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-03 09:06 . 2008-11-03 11:51 <DIR> d-------- c:\program files\trend micro
2008-11-03 09:06 . 2008-11-03 09:06 250 --a------ c:\windows\gmer.ini
2008-11-03 08:20 . 2008-11-03 13:05 <DIR> d-------- C:\!KillBox
2008-11-02 21:43 . 2008-11-02 21:43 34,176 --a------ c:\windows\system32\tuvUlijh.dll
2008-11-02 21:43 . 2008-11-02 21:43 34,176 --a------ c:\windows\system32\qoMebbyV.dll
2008-11-02 21:30 . 2008-11-02 21:30 34,176 --a------ c:\windows\system32\xxyvuUOF.dll
2008-11-02 21:30 . 2008-11-02 21:30 34,176 --a------ c:\windows\system32\cbXpppNH.dll
2008-11-02 16:23 . 2008-11-02 16:23 0 --a------ c:\windows\nsreg.dat
2008-11-02 00:40 . 2008-11-03 08:07 <DIR> d-------- c:\documents and settings\ali\Application Data\uTorrent
2008-11-02 00:30 . 2008-11-02 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-11-02 00:30 . 2008-11-03 08:04 <DIR> d-------- c:\documents and settings\ali\Application Data\Azureus
2008-10-30 00:41 . 2008-10-30 00:41 97,817 --a------ c:\windows\update.3470.exe
2008-10-21 11:25 . 2008-10-21 11:25 258 --a------ c:\windows\hpqcopy.INI
2008-10-08 07:05 . 2008-10-08 07:05 <DIR> d-------- c:\program files\iPod
2008-10-08 07:05 . 2008-10-08 07:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 19:19 . 2008-10-06 19:19 <DIR> d-------- c:\windows\IPAFONTS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 15:24 6,591,264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-04 15:24 102,007,840 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-04 15:10 622,772 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-04 15:10 1,372,172 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-04 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-04 03:44 --------- d-----w c:\program files\Google
2008-11-04 02:13 --------- d-----w c:\program files\Java
2008-11-03 21:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-03 20:21 --------- d-----w c:\program files\Norton Utilities
2008-11-03 18:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 17:58 --------- d-----w c:\program files\YouSendIt
2008-10-24 16:36 684,208 -c--a-w c:\documents and settings\ali\Application Data\GDIPFONTCACHEV1.DAT
2008-10-17 15:51 --------- d-----w c:\program files\CyberScrub
2008-10-08 15:05 --------- d-----w c:\program files\iTunes
2008-10-06 14:36 --------- d-----w c:\program files\Brother
2008-10-01 15:14 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-22 16:20 --------- d-----w c:\documents and settings\ali\Application Data\YouSendIt
2008-09-10 16:07 --------- d-----w c:\program files\QuickTime
2008-09-10 16:07 --------- d-----w c:\program files\Common Files\Apple
2008-09-10 16:07 --------- d-----w c:\program files\Bonjour
2008-08-29 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w c:\windows\system32\dnssd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-03 136600]

c:\documents and settings\ali\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\38f4fdcc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\kav\\kis\\setup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\YouSendIt\\Express\\YouSendIt.exe"=

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 RimSerPort;RIM Virtual Serial Port;c:\windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fdd138a-d966-11db-a261-001a922d71a1}]
\Shell\AutoRun\command - K:\setup.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-06-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 16:08]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.guru.com/login.cfm
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://prostores3.megawebservers.com/storeadmin/utilities/pssbedit.cab
c:\windows\Downloaded Program Files\pssbedit.inf
c:\windows\system32\XTE.dll
c:\windows\Downloaded Program Files\pssbedit.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 07:24:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-04 7:25:29
ComboFix-quarantined-files.txt 2008-11-04 15:25:20
ComboFix2.txt 2008-11-04 15:14:34

Pre-Run: 762,725,871,616 bytes free
Post-Run: 770,506,457,088 bytes free

146

#7 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 November 2008 - 10:42 AM

You still don't have the recovery console installed. This is our safety net in case something goes wrong and you can't boot up your computer normally. You really should install it per the instructions.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
c:\windows\system32\tuvUlijh.dll
c:\windows\system32\qoMebbyV.dll
c:\windows\system32\xxyvuUOF.dll
c:\windows\system32\cbXpppNH.dll
c:\windows\update.3470.exe

Prior to running ComboFix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply.


==============


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


========================================================
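For readers who want to see how the indicators Buckeye_Sam pulled out of that ComboFix log can be recognised mechanically, here is an added Python triage script; it is not part of this thread and not a ComboFix or BleepingComputer tool. It parses the "Files Created" and "Reg Loading Points" sections of an embedded excerpt constructed from the log posted above and flags the same-size cluster of randomly named DLLs in system32, the executable dropped in the Windows root, the suppressed Security Center notifications, the disabled firewall and the per-drive AutoRun commands; the name heuristic and thresholds are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted in this thread; only the sections the
# triage reads are kept, with file names and registry values as they appear there.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
2008-11-03 18:13 . 2008-11-03 18:13 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-03 11:51 . 2008-11-03 11:51 <DIR> d-------- C:\Deckard
2008-11-02 21:43 . 2008-11-02 21:43 34,176 --a------ c:\windows\system32\tuvUlijh.dll
2008-11-02 21:43 . 2008-11-02 21:43 34,176 --a------ c:\windows\system32\qoMebbyV.dll
2008-11-02 21:30 . 2008-11-02 21:30 34,176 --a------ c:\windows\system32\xxyvuUOF.dll
2008-11-02 21:30 . 2008-11-02 21:30 34,176 --a------ c:\windows\system32\cbXpppNH.dll
2008-10-30 00:41 . 2008-10-30 00:41 97,817 --a------ c:\windows\update.3470.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fdd138a-d966-11db-a261-001a922d71a1}]
\Shell\AutoRun\command - K:\setup.cmd
"""

# "Files Created" line: <created> . <modified> <size or <DIR>> <attrs> <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKEY_...\subkey]
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')   # "Name"=value
AUTORUN_LINE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")


def is_mixed_case_dll(name):
    """Heuristic (assumption): eight purely alphabetic letters in mixed case, the naming
    seen in the log (tuvUlijh.dll, qoMebbyV.dll); all-lowercase deploytk.dll is not."""
    stem, _, ext = name.rpartition(".")
    return (ext.lower() == "dll" and len(stem) == 8 and stem.isalpha()
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def parse_files(log_text):
    """Yield (size in bytes, or None for a directory, path) per 'Files Created' line."""
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            yield size, m["path"]


def parse_registry(log_text):
    """Return ({key: [(name, value), ...]}, [(key, autorun_command), ...])."""
    values, autoruns, key = defaultdict(list), [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_LINE.match(line):
            key = m["key"]
        elif key and (m := VALUE_LINE.match(line)):
            values[key].append((m["name"], m["value"].strip()))
        elif key and (m := AUTORUN_LINE.match(line)):
            autoruns.append((key, m["cmd"]))
    return values, autoruns


def triage(log_text):
    """Flag the indicators a helper would pick out of this kind of log."""
    f = {"random_dlls": [], "windows_root_exes": [], "notify_suppressed": [],
         "firewall_disabled": False, "autorun_commands": []}
    by_size = defaultdict(list)            # identical sizes => same dropper, one family
    for size, path in parse_files(log_text):
        folder, _, name = path.rpartition("\\")
        folder = folder.lower()
        if size is not None and folder.endswith("\\system32") and is_mixed_case_dll(name):
            by_size[size].append(path)
        if folder == "c:\\windows" and name.lower().endswith(".exe"):
            f["windows_root_exes"].append(path)   # executables do not belong in the Windows root
    for paths in by_size.values():
        if len(paths) >= 2:                # one odd name is noise; a same-size cluster is not
            f["random_dlls"].extend(paths)
    values, autoruns = parse_registry(log_text)
    for key, pairs in values.items():
        k = key.lower()
        for name, value in pairs:
            if "security center" in k and name.endswith("DisableNotify") and value.endswith("1"):
                f["notify_suppressed"].append(name)   # user would not see AV/update warnings
            if "firewallpolicy" in k and name == "EnableFirewall" and value.startswith("0"):
                f["firewall_disabled"] = True
    # AutoRun commands stored per drive letter: how an autorun worm relaunches from removable media
    f["autorun_commands"] = [cmd for key, cmd in autoruns if "mountpoints2" in key.lower()]
    return f


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```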

#8 soberalison
  • Topic Starter
  • Members
  • 30 posts

Posted 04 November 2008 - 10:49 AM

ComboFix 08-11-03.06 - ali 2008-11-04 7:46:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1477 [GMT -8:00]
Running from: c:\documents and settings\ali\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ali\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-03 18:13 . 2008-11-03 18:13 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-03 11:51 . 2008-11-03 11:51 <DIR> d-------- C:\Deckard
2008-11-03 11:42 . 2008-11-03 11:42 <DIR> d-------- c:\documents and settings\ali\Application Data\AdobeUM
2008-11-03 11:20 . 2008-11-03 11:38 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-03 11:11 . 2008-11-03 18:30 <DIR> d-------- c:\program files\Windows Live Toolbar
2008-11-03 11:11 . 2008-11-03 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-03 09:06 . 2008-11-03 11:51 <DIR> d-------- c:\program files\trend micro
2008-11-03 09:06 . 2008-11-03 09:06 250 --a------ c:\windows\gmer.ini
2008-11-03 08:20 . 2008-11-03 13:05 <DIR> d-------- C:\!KillBox
2008-11-02 16:23 . 2008-11-02 16:23 0 --a------ c:\windows\nsreg.dat
2008-11-02 00:40 . 2008-11-03 08:07 <DIR> d-------- c:\documents and settings\ali\Application Data\uTorrent
2008-11-02 00:30 . 2008-11-02 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-11-02 00:30 . 2008-11-03 08:04 <DIR> d-------- c:\documents and settings\ali\Application Data\Azureus
2008-10-21 11:25 . 2008-10-21 11:25 258 --a------ c:\windows\hpqcopy.INI
2008-10-08 07:05 . 2008-10-08 07:05 <DIR> d-------- c:\program files\iPod
2008-10-08 07:05 . 2008-10-08 07:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 19:19 . 2008-10-06 19:19 <DIR> d-------- c:\windows\IPAFONTS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 15:47 6,597,920 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-04 15:47 102,174,496 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-04 15:10 622,772 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-04 15:10 1,372,172 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-04 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-04 03:44 --------- d-----w c:\program files\Google
2008-11-04 02:13 --------- d-----w c:\program files\Java
2008-11-03 21:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-03 20:21 --------- d-----w c:\program files\Norton Utilities
2008-11-03 18:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 17:58 --------- d-----w c:\program files\YouSendIt
2008-10-24 16:36 684,208 -c--a-w c:\documents and settings\ali\Application Data\GDIPFONTCACHEV1.DAT
2008-10-17 15:51 --------- d-----w c:\program files\CyberScrub
2008-10-08 15:05 --------- d-----w c:\program files\iTunes
2008-10-06 14:36 --------- d-----w c:\program files\Brother
2008-10-01 15:14 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-22 16:20 --------- d-----w c:\documents and settings\ali\Application Data\YouSendIt
2008-09-10 16:07 --------- d-----w c:\program files\QuickTime
2008-09-10 16:07 --------- d-----w c:\program files\Common Files\Apple
2008-09-10 16:07 --------- d-----w c:\program files\Bonjour
2008-08-29 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w c:\windows\system32\dnssd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-03 136600]

c:\documents and settings\ali\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\kav\\kis\\setup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\YouSendIt\\Express\\YouSendIt.exe"=

R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 RimSerPort;RIM Virtual Serial Port;c:\windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
.
Contents of the 'Scheduled Tasks' folder

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-06-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 16:08]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 07:47:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-04 7:48:00
ComboFix-quarantined-files.txt 2008-11-04 15:47:56
ComboFix2.txt 2008-11-04 15:40:23
ComboFix3.txt 2008-11-04 15:25:31
ComboFix4.txt 2008-11-04 15:14:34

Pre-Run: 770,523,193,344 bytes free
Post-Run: 770,505,977,856 bytes free


#9 soberalison

soberalison
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 04 November 2008 - 11:04 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1363
Windows 5.1.2600 Service Pack 2

11/4/2008 8:03:55 AM
mbam-log-2008-11-04 (08-03-55).txt

Scan type: Quick Scan
Objects scanned: 57160
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:16 PM

Posted 04 November 2008 - 11:05 AM

Your logs are not making sense. Please post a new log from OTViewIt.

Edited by Buckeye_Sam, 04 November 2008 - 11:06 AM.


#11 soberalison

soberalison
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 04 November 2008 - 11:07 AM

doing it now.
:thumbsup:

#12 soberalison

soberalison
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 04 November 2008 - 11:10 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1363
Windows 5.1.2600 Service Pack 2

11/4/2008 8:08:12 AM
mbam-log-2008-11-04 (08-08-12).txt

Scan type: Quick Scan
Objects scanned: 57249
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

::::::::::::::::::::::::::::::::


OTViewIt logfile created on: 11/4/2008 8:08:49 AM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.25% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 742.39 Gb Total Space | 717.60 Gb Free Space | 96.66% Space Free | Partition Type: NTFS
Drive D: | 684.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149.01 Gb Total Space | 57.07 Gb Free Space | 38.30% Space Free | Partition Type: FAT32

Computer Name: MAMABEAR
Current User Name: ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[2006/11/21 16:08:58 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/11/03 18:13:41 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2001/02/17 22:35:08 | 00,046,496 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/22 16:10:20 | 01,261,200 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/26 20:13:30 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 14:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 14:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/09/24 21:34:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2000/08/06 00:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 00:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 19:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 10:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 10:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 10:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service [Auto | Running])
[2000/08/06 00:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/10/28 12:39:11 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2005/06/13 16:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2005/01/08 00:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/14 11:00:36 | 00,101,760 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/10/14 11:01:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2005/10/14 11:00:26 | 00,022,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2006/12/21 20:26:48 | 04,405,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 18:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/08/23 13:54:22 | 00,042,752 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/28 06:45:20 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/04/28 09:04:35 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2007/04/04 13:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/13 01:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2001/08/10 05:00:00 | 00,034,354 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
[2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/02/17 10:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 10:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/04/24 16:52:36 | 00,082,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2007/04/27 15:44:01 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/27 22:08:30 | 00,057,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\ali\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web Anti-Virus statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab -- SysData Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F73BE1F4-82AA-4405-AB81-FAFB5A122359}: http://prostores3.megawebservers.com/store...es/pssbedit.cab -- SiteBuilderEditor Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26236645-CE99-480C-8124-A919ECDF33AE} (Servers: | Description: NVIDIA nForce Networking Controller)
{51D99EDA-3B14-4234-8424-F3B40C772BE4} (Servers: | Description: Intel® PRO/100+ Management Adapter)
{C66A795B-C264-4FC4-B0FC-7BD723C42775} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2008/11/04 07:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Malwarebytes
[2008/11/04 07:50:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/11/04 07:50:21 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:50:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/04 07:45:39 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/11/04 07:43:59 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:07:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2008/11/04 07:07:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2008/11/04 07:07:14 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2008/11/04 07:07:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\windows\fdsv.exe
[2008/11/04 07:07:14 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2008/11/04 07:07:14 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2008/11/04 07:07:14 | 00,049,152 | ---- | C] () -- C:\windows\VFIND.exe
[2008/11/04 07:07:14 | 00,028,672 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2008/11/04 07:07:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2008/11/04 07:07:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/04 06:58:59 | 03,024,598 | R--- | C] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:33 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:35 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 18:29:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/03 14:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\ANTIVIRUS AVZ 4 HARDCORE
[2008/11/03 13:55:29 | 21,459,51744 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/03 11:51:21 | 00,000,000 | ---D | C] -- C:\Deckard
[2008/11/03 11:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\AdobeUM
[2008/11/03 11:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/03 11:20:33 | 00,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2008/11/03 11:11:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/03 11:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/11/03 09:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\My Documents\Updater
[2008/11/03 09:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/03 09:06:35 | 00,000,250 | ---- | C] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | C] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,811,008 | ---- | C] () -- C:\windows\gmer.exe
[2008/11/03 09:06:34 | 00,085,969 | ---- | C] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | C] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 08:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Adobe
[2008/11/03 08:20:54 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/11/02 16:23:00 | 00,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/11/02 16:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Local Settings\Application Data\Mozilla
[2008/11/02 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\uTorrent
[2008/11/02 00:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/02 00:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Azureus
[2008/10/31 14:28:00 | 00,917,353 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/27 21:04:41 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:10 | 01,140,291 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 07:08:49 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 09:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\New Folder
[2008/10/08 07:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/08 07:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/06 19:19:31 | 00,000,000 | ---D | C] -- C:\windows\IPAFONTS

========== Files - Modified Within 30 Days ==========

[6 C:\windows\System32\*.tmp files]
[2008/11/04 08:08:17 | 10,221,0336 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.dat
[2008/11/04 07:50:21 | 06,598,688 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.dat
[2008/11/04 07:50:21 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:48:01 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/11/04 07:47:20 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/11/04 07:44:08 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:12:17 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/11/04 07:11:49 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2008/11/04 07:11:42 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/11/04 07:11:39 | 21,459,51744 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/04 07:10:32 | 01,372,172 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.idx
[2008/11/04 07:10:32 | 00,622,772 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.idx
[2008/11/04 06:58:26 | 03,024,598 | R--- | M] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:36 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 17:05:55 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008/11/03 16:48:17 | 00,000,858 | ---- | M] () -- C:\windows\win.ini
[2008/11/03 13:00:13 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 09:54:11 | 00,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2008/11/03 09:06:35 | 00,000,250 | ---- | M] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | M] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | M] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 07:53:39 | 00,500,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/11/03 07:53:39 | 00,421,358 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/11/03 07:53:39 | 00,070,474 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/11/03 07:52:17 | 03,859,880 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/11/03 03:38:36 | 00,002,262 | ---- | M] () -- C:\windows\Wininit.ini
[2008/11/02 16:23:00 | 00,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2008/10/31 14:28:00 | 00,917,353 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/30 09:43:23 | 00,687,216 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/30 09:39:37 | 00,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2008/10/29 07:02:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/10/27 21:04:41 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:14 | 01,140,291 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 09:10:22 | 00,593,168 | ---- | M] () -- C:\windows\ATMREG.ATM
[2008/10/24 08:36:44 | 00,684,208 | ---- | M] () -- C:\Documents and Settings\ali\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/24 07:08:49 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 10:36:26 | 00,000,043 | ---- | M] () -- C:\windows\gswin32.ini
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
< End of report >

#13 soberalison (Topic Starter)

Posted 04 November 2008 - 11:10 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1363
Windows 5.1.2600 Service Pack 2

11/4/2008 8:08:12 AM
mbam-log-2008-11-04 (08-08-12).txt

Scan type: Quick Scan
Objects scanned: 57249
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

::::::::::::::::::::::::::::::::


OTViewIt logfile created on: 11/4/2008 8:08:49 AM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.25% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 742.39 Gb Total Space | 717.60 Gb Free Space | 96.66% Space Free | Partition Type: NTFS
Drive D: | 684.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149.01 Gb Total Space | 57.07 Gb Free Space | 38.30% Space Free | Partition Type: FAT32

Computer Name: MAMABEAR
Current User Name: ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[2006/11/21 16:08:58 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/11/03 18:13:41 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2001/02/17 22:35:08 | 00,046,496 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/22 16:10:20 | 01,261,200 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/26 20:13:30 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 14:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 14:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/09/24 21:34:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2000/08/06 00:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 00:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 19:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 10:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 10:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 10:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service [Auto | Running])
[2000/08/06 00:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/10/28 12:39:11 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2005/06/13 16:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2005/01/08 00:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/14 11:00:36 | 00,101,760 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/10/14 11:01:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2005/10/14 11:00:26 | 00,022,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2006/12/21 20:26:48 | 04,405,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 18:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/08/23 13:54:22 | 00,042,752 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/28 06:45:20 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/04/28 09:04:35 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2007/04/04 13:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/13 01:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2001/08/10 05:00:00 | 00,034,354 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
[2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/02/17 10:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 10:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/04/24 16:52:36 | 00,082,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2007/04/27 15:44:01 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/27 22:08:30 | 00,057,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\ali\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web Anti-Virus statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab -- SysData Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F73BE1F4-82AA-4405-AB81-FAFB5A122359}: http://prostores3.megawebservers.com/store...es/pssbedit.cab -- SiteBuilderEditor Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26236645-CE99-480C-8124-A919ECDF33AE} (Servers: | Description: NVIDIA nForce Networking Controller)
{51D99EDA-3B14-4234-8424-F3B40C772BE4} (Servers: | Description: Intel® PRO/100+ Management Adapter)
{C66A795B-C264-4FC4-B0FC-7BD723C42775} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2008/11/04 07:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Malwarebytes
[2008/11/04 07:50:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/11/04 07:50:21 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:50:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/04 07:45:39 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/11/04 07:43:59 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:07:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2008/11/04 07:07:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2008/11/04 07:07:14 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2008/11/04 07:07:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\windows\fdsv.exe
[2008/11/04 07:07:14 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2008/11/04 07:07:14 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2008/11/04 07:07:14 | 00,049,152 | ---- | C] () -- C:\windows\VFIND.exe
[2008/11/04 07:07:14 | 00,028,672 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2008/11/04 07:07:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2008/11/04 07:07:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/04 06:58:59 | 03,024,598 | R--- | C] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:33 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:35 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 18:29:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/03 14:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\ANTIVIRUS AVZ 4 HARDCORE
[2008/11/03 13:55:29 | 21,459,51744 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/03 11:51:21 | 00,000,000 | ---D | C] -- C:\Deckard
[2008/11/03 11:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\AdobeUM
[2008/11/03 11:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/03 11:20:33 | 00,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2008/11/03 11:11:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/03 11:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/11/03 09:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\My Documents\Updater
[2008/11/03 09:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/03 09:06:35 | 00,000,250 | ---- | C] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | C] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,811,008 | ---- | C] () -- C:\windows\gmer.exe
[2008/11/03 09:06:34 | 00,085,969 | ---- | C] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | C] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 08:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Adobe
[2008/11/03 08:20:54 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/11/02 16:23:00 | 00,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/11/02 16:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Local Settings\Application Data\Mozilla
[2008/11/02 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\uTorrent
[2008/11/02 00:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/02 00:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Azureus
[2008/10/31 14:28:00 | 00,917,353 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/27 21:04:41 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:10 | 01,140,291 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 07:08:49 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 09:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\New Folder
[2008/10/08 07:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/08 07:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/06 19:19:31 | 00,000,000 | ---D | C] -- C:\windows\IPAFONTS

========== Files - Modified Within 30 Days ==========

[6 C:\windows\System32\*.tmp files]
[2008/11/04 08:08:17 | 10,221,0336 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.dat
[2008/11/04 07:50:21 | 06,598,688 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.dat
[2008/11/04 07:50:21 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:48:01 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/11/04 07:47:20 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/11/04 07:44:08 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:12:17 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/11/04 07:11:49 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2008/11/04 07:11:42 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/11/04 07:11:39 | 21,459,51744 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/04 07:10:32 | 01,372,172 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.idx
[2008/11/04 07:10:32 | 00,622,772 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.idx
[2008/11/04 06:58:26 | 03,024,598 | R--- | M] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:36 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 17:05:55 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008/11/03 16:48:17 | 00,000,858 | ---- | M] () -- C:\windows\win.ini
[2008/11/03 13:00:13 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 09:54:11 | 00,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2008/11/03 09:06:35 | 00,000,250 | ---- | M] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | M] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | M] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 07:53:39 | 00,500,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/11/03 07:53:39 | 00,421,358 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/11/03 07:53:39 | 00,070,474 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/11/03 07:52:17 | 03,859,880 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/11/03 03:38:36 | 00,002,262 | ---- | M] () -- C:\windows\Wininit.ini
[2008/11/02 16:23:00 | 00,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2008/10/31 14:28:00 | 00,917,353 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/30 09:43:23 | 00,687,216 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/30 09:39:37 | 00,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2008/10/29 07:02:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/10/27 21:04:41 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:14 | 01,140,291 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 09:10:22 | 00,593,168 | ---- | M] () -- C:\windows\ATMREG.ATM
[2008/10/24 08:36:44 | 00,684,208 | ---- | M] () -- C:\Documents and Settings\ali\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/24 07:08:49 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 10:36:26 | 00,000,043 | ---- | M] () -- C:\windows\gswin32.ini
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
< End of report >

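Two checks a responder would run over the OTViewIt log posted above, written as an added example (this is not the poster's material and is not part of OTViewIt, HijackThis or any other tool mentioned in the thread). It decodes each `NoDriveTypeAutoRun` value into the drive types on which AutoRun is still permitted, and lists the Java plug-in versions registered under (O16) DPF that are older than the newest one present. The bit names are the Windows drive-type constants; the sample excerpt is constructed from lines in the log above; the function names and the 0xFF "fully disabled" reference value are my own choices.

```python
"""Two triage checks over an OTViewIt-style log (added example, not tool output).

1. Decode NoDriveTypeAutoRun: a set bit DISABLES AutoRun for that drive type,
   so a clear bit means AutoRun is still permitted there.
2. Find Java Plug-in versions under (O16) DPF older than the newest one listed.
"""
import re

# Windows drive-type bits as used by NoDriveTypeAutoRun (bit set = AutoRun disabled).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, flash cards
    0x08: "DRIVE_FIXED",       # local hard disks
    0x10: "DRIVE_REMOTE",      # network shares
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",          # future/unspecified drive types
}
FULLY_DISABLED = 0xFF  # 255: AutoRun off for every drive type

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
AUTORUN_RE = re.compile(r'^"NoDriveTypeAutoRun"\s*=\s*(\d+)$')
JAVA_RE = re.compile(r'Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)\s*$')

# Constructed excerpt: values and DPF lines copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O16) DPF ==========

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
"""


def autorun_allowed(value):
    """Drive types on which AutoRun remains enabled for this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def autorun_policies(log_text):
    """Return (registry key, NoDriveTypeAutoRun value) pairs found in the log."""
    key, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)        # remember the enclosing [HKEY_...] block
            continue
        m = AUTORUN_RE.match(line)
        if m and key:
            found.append((key, int(m.group(1))))
    return found


def java_versions(log_text):
    """Distinct Java Plug-in versions as sorted (major, minor, micro, update) tuples."""
    found = {tuple(int(x) for x in m.groups())
             for m in (JAVA_RE.search(line) for line in log_text.splitlines()) if m}
    return sorted(found)


def fmt_version(v):
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


def stale_java_versions(log_text):
    """Every registered Java version except the newest one."""
    versions = java_versions(log_text)
    return [fmt_version(v) for v in versions[:-1]] if versions else []


def triage(log_text):
    """Human-readable findings for the two checks."""
    findings = []
    for key, value in autorun_policies(log_text):
        allowed = autorun_allowed(value)
        if allowed:
            findings.append(f"AutoRun still enabled ({value} = 0x{value:02X}) "
                            f"for {', '.join(allowed)} under {key}")
    stale = stale_java_versions(log_text)
    if stale:
        findings.append("Older Java plug-ins still registered in DPF: " + ", ".join(stale))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The value 227 (0xE3) leaves AutoRun enabled on removable, fixed and network drives, which is exactly the path an autorun worm uses, and 145 (0x91) is looser still; 255 (0xFF) disables it for every drive type. On Windows XP SP2 the policy value alone is not a complete fix: without the AutoRun update Microsoft describes in KB967715, Explorer still acts on autorun.inf through some code paths, so that update belongs alongside the registry change. The older Java plug-ins (1.6.0_01 and 1.6.0_07 here) stay callable through their version-specific CLSIDs until they are uninstalled, so their known vulnerabilities remain reachable from a web page even though 1.6.0_10 is also present.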
#14 soberalison
  • Topic Starter
  • Members
  • 30 posts

Posted 04 November 2008 - 11:10 AM

Malwarebytes' Anti-Malware 1.30
Database version: 1363
Windows 5.1.2600 Service Pack 2

11/4/2008 8:08:12 AM
mbam-log-2008-11-04 (08-08-12).txt

Scan type: Quick Scan
Objects scanned: 57249
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

::::::::::::::::::::::::::::::::


OTViewIt logfile created on: 11/4/2008 8:08:49 AM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.25% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 742.39 Gb Total Space | 717.60 Gb Free Space | 96.66% Space Free | Partition Type: NTFS
Drive D: | 684.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 149.01 Gb Total Space | 57.07 Gb Free Space | 38.30% Space Free | Partition Type: FAT32

Computer Name: MAMABEAR
Current User Name: ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[2006/11/21 16:08:58 | 00,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/11/03 18:13:41 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2001/02/17 22:35:08 | 00,046,496 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004/08/04 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/22 16:10:20 | 01,261,200 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/26 20:13:30 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 14:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
[2007/06/28 11:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 14:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/09/24 21:34:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/10/14 11:02:02 | 00,670,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/03 18:13:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/04/24 20:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2001/02/23 09:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2000/08/06 00:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 00:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2001/08/10 05:00:00 | 00,135,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
[2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 19:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 19:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 10:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 10:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 10:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2001/08/09 05:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- C:\Program Files\Speed Disk\NOPDB.EXE -- (Speed Disk service [Auto | Running])
[2000/08/06 00:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/10/28 12:39:11 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2005/06/13 16:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2005/01/08 00:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/14 11:00:36 | 00,101,760 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2005/10/14 11:01:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2005/10/14 11:00:26 | 00,022,016 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2006/12/21 20:26:48 | 04,405,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 18:52:58 | 00,006,912 | ---- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/08/23 13:54:22 | 00,042,752 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/05/28 06:45:20 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/04/28 09:04:35 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2007/04/04 13:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/13 01:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2001/08/10 05:00:00 | 00,034,354 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
[2007/06/28 23:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/04/24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/02/17 10:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 10:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2006/04/24 16:52:36 | 00,082,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2007/04/27 15:44:01 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/27 22:08:30 | 00,057,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/08/04 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.guru.com/login.cfm

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=yaho

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\ali\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\Software\Microsoft\Internet Explorer\MenuExt\]
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 03:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web Anti-Virus statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416096933-332200835-88186579-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> [2007/06/28 11:51:52 | 00,222,472 | ---- | M] (Kaspersky Lab)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 15:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab -- SysData Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F73BE1F4-82AA-4405-AB81-FAFB5A122359}: http://prostores3.megawebservers.com/store...es/pssbedit.cab -- SiteBuilderEditor Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26236645-CE99-480C-8124-A919ECDF33AE} (Servers: | Description: NVIDIA nForce Networking Controller)
{51D99EDA-3B14-4234-8424-F3B40C772BE4} (Servers: | Description: Intel® PRO/100+ Management Adapter)
{C66A795B-C264-4FC4-B0FC-7BD723C42775} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2008/11/04 07:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Malwarebytes
[2008/11/04 07:50:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/11/04 07:50:21 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:50:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/04 07:50:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/04 07:45:39 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/11/04 07:43:59 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:07:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2008/11/04 07:07:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2008/11/04 07:07:14 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2008/11/04 07:07:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\windows\fdsv.exe
[2008/11/04 07:07:14 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2008/11/04 07:07:14 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2008/11/04 07:07:14 | 00,049,152 | ---- | C] () -- C:\windows\VFIND.exe
[2008/11/04 07:07:14 | 00,028,672 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2008/11/04 07:07:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2008/11/04 07:07:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/04 06:58:59 | 03,024,598 | R--- | C] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:33 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:35 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 18:29:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/03 14:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\ANTIVIRUS AVZ 4 HARDCORE
[2008/11/03 13:55:29 | 21,459,51744 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/03 11:51:21 | 00,000,000 | ---D | C] -- C:\Deckard
[2008/11/03 11:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\AdobeUM
[2008/11/03 11:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/03 11:20:33 | 00,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2008/11/03 11:11:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/03 11:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2008/11/03 09:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\My Documents\Updater
[2008/11/03 09:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/03 09:06:35 | 00,000,250 | ---- | C] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | C] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,811,008 | ---- | C] () -- C:\windows\gmer.exe
[2008/11/03 09:06:34 | 00,085,969 | ---- | C] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | C] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 08:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Adobe
[2008/11/03 08:20:54 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/11/02 16:23:00 | 00,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008/11/02 16:22:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Local Settings\Application Data\Mozilla
[2008/11/02 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\uTorrent
[2008/11/02 00:30:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/02 00:30:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Application Data\Azureus
[2008/10/31 14:28:00 | 00,917,353 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/27 21:04:41 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:10 | 01,140,291 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 07:08:49 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 09:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ali\Desktop\New Folder
[2008/10/08 07:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/08 07:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/06 19:19:31 | 00,000,000 | ---D | C] -- C:\windows\IPAFONTS

========== Files - Modified Within 30 Days ==========

[6 C:\windows\System32\*.tmp files]
[2008/11/04 08:08:17 | 10,221,0336 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.dat
[2008/11/04 07:50:21 | 06,598,688 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.dat
[2008/11/04 07:50:21 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/04 07:48:01 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/11/04 07:47:20 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/11/04 07:44:08 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ali\Desktop\mbam-setup.exe
[2008/11/04 07:12:17 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/11/04 07:11:49 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2008/11/04 07:11:42 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/11/04 07:11:39 | 21,459,51744 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/04 07:10:32 | 01,372,172 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.idx
[2008/11/04 07:10:32 | 00,622,772 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.idx
[2008/11/04 06:58:26 | 03,024,598 | R--- | M] () -- C:\Documents and Settings\ali\Desktop\ComboFix.exe
[2008/11/03 20:45:34 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ali\Desktop\OTViewIt.exe
[2008/11/03 19:38:20 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\ali\Desktop\KillBox.exe
[2008/11/03 18:30:36 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Shortcut to HijackThis.exe.lnk
[2008/11/03 17:05:55 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008/11/03 16:48:17 | 00,000,858 | ---- | M] () -- C:\windows\win.ini
[2008/11/03 13:00:13 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 09:54:11 | 00,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2008/11/03 09:06:35 | 00,000,250 | ---- | M] () -- C:\windows\gmer.ini
[2008/11/03 09:06:34 | 00,884,736 | ---- | M] () -- C:\windows\gmer.dll
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\windows\System32\drivers\gmer.sys
[2008/11/03 09:06:34 | 00,000,080 | ---- | M] () -- C:\windows\gmer_uninstall.cmd
[2008/11/03 07:53:39 | 00,500,574 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/11/03 07:53:39 | 00,421,358 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/11/03 07:53:39 | 00,070,474 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/11/03 07:52:17 | 03,859,880 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/11/03 03:38:36 | 00,002,262 | ---- | M] () -- C:\windows\Wininit.ini
[2008/11/02 16:23:00 | 00,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2008/10/31 14:28:00 | 00,917,353 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\S20-30.pdf
[2008/10/31 14:28:00 | 00,064,537 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\skinlaboratory_logo.ai
[2008/10/30 09:43:23 | 00,687,216 | ---- | M] () -- C:\Documents and Settings\ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/30 09:39:37 | 00,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2008/10/29 07:02:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/10/27 21:04:41 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\Re University Park Reading By 9.msg
[2008/10/27 21:04:13 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\RE Co-room moms.msg
[2008/10/25 16:03:14 | 01,140,291 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\FEDERATION GRADIENT DISSOLVE TEXT.ai
[2008/10/24 09:10:22 | 00,593,168 | ---- | M] () -- C:\windows\ATMREG.ATM
[2008/10/24 08:36:44 | 00,684,208 | ---- | M] () -- C:\Documents and Settings\ali\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/24 07:08:49 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\ali\Desktop\NOV 6 SITE COUNCIL WORKSHOP.msg
[2008/10/23 10:36:26 | 00,000,043 | ---- | M] () -- C:\windows\gswin32.ini
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
< End of report >
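
An added triage example (not part of this thread, and not code from the OTL/OTViewIt tool that produced the report above): a small Python parser for the `[date | size | attrs | M] (Company) -- path -- (Service [Start | State])` lines used in the Services, Driver Services and Files sections, plus a decoder for the `NoDriveTypeAutoRun` policy value shown in the (O6 & O7) section (227 under HKLM above). The sample lines are constructed in the shape of the report rather than copied from it, the function and class names are my own, and the drive-type bit assignments follow Microsoft's documented NoDriveTypeAutoRun mask (a set bit disables AutoRun for that drive type).

```python
"""Triage helpers for an OTL/OTViewIt-style report (added example, not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the shape of the report's Driver Services / Files sections.
SAMPLE_LINES = r"""
[2008/11/03 09:06:34 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2004/08/13 01:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/05/28 06:45:20 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/11/04 07:50:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/11/04 07:45:39 | 00,000,000 | ---D | C] -- C:\ComboFix
"""

# "[date | size | attrs | M/C] (Company) -- path -- (Service [Start | State])";
# the company and service parts are optional (directories and plain files omit them).
_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^\[]+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\))?$"
)


@dataclass
class Entry:
    date: str        # "YYYY/MM/DD HH:MM:SS", so plain string comparison sorts it
    size: int
    attrs: str       # R/H/S/D flags, '-' where clear
    kind: str        # 'M' = modified timestamp, 'C' = created timestamp
    company: str     # '' when the file's version info has no company name
    path: str
    service: Optional[str] = None
    start: Optional[str] = None
    state: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; None for headers, blanks and other shapes."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
        service=m["service"].strip() if m["service"] else None,
        start=m["start"],
        state=m["state"],
    )


def parse_report(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def filename(entry: Entry) -> str:
    return ntpath.basename(entry.path)


def no_company_name(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) with an empty company field: a prompt to verify
    the file by hash, not a verdict; legitimate drivers hit this too."""
    return [e for e in entries if not e.company and "D" not in e.attrs]


def changed_since(entries: List[Entry], date: str) -> List[Entry]:
    """Entries whose timestamp is on or after `date` ("YYYY/MM/DD")."""
    return [e for e in entries if e.date >= date]


# NoDriveTypeAutoRun mask: a SET bit disables AutoRun for that drive type.
# Names are mine; 0x80 is listed as a second "unknown drives" bit in Microsoft's table.
DRIVE_TYPE_BITS = (
    (0x01, "DRIVE_UNKNOWN"), (0x02, "DRIVE_NO_ROOT_DIR"),
    (0x04, "DRIVE_REMOVABLE"), (0x08, "DRIVE_FIXED"),
    (0x10, "DRIVE_REMOTE"), (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"), (0x80, "DRIVE_RESERVED"),
)


def decode_no_drive_type_autorun(value: int) -> Dict[str, bool]:
    """Per drive type, True when AutoRun is disabled by this policy value."""
    return {name: bool(value & bit) for bit, name in DRIVE_TYPE_BITS}


def autorun_allowed_types(value: int) -> List[str]:
    """Drive types on which the policy value still permits AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS if not value & bit]


if __name__ == "__main__":
    entries = parse_report(SAMPLE_LINES)
    for e in no_company_name(entries):
        print("no company name:", e.path)
    for e in changed_since(entries, "2008/11/01"):
        print("recent:", e.date, e.path)
    print("AutoRun still allowed for:", autorun_allowed_types(227))  # HKLM value in the report
```

Run against the report's HKLM value of 227 (0xE3), the decoder shows AutoRun is disabled for CD-ROM, RAM disk and the two "unknown" types but still permitted on removable, fixed and network drives, which is exactly the path an autorun.inf-based worm uses; 255 (0xFF) disables it everywhere. Two caveats: on Windows XP of this era the registry value alone was not fully honoured until the update described in Microsoft KB 967715 was installed, and an empty company field (as for ASACPI.sys and secdrv.sys here) is only a cue to check the file's hash, not evidence of tampering.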

#15 Buckeye_Sam (Malware Expert)

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 November 2008 - 11:19 AM

Please post a new HijackThis log.
How is your computer behaving now?