
can not get rid of zlob trojan


  • This topic is locked
25 replies to this topic

#1 trmaze70
  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:46 PM

Posted 26 November 2008 - 09:02 AM

I have tried to do everything on this site to get rid of all the Trojans, viruses and other stuff related to the unwanted download of the virus, or whatever it is. I have Smitfraud. I have VundoFix, I have AVG, I have Trend, I have you name it. I can't get rid of it. Help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:31 AM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149454667140
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {07D483AE-58B4-4257-ABC3-0699A92A3CD5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

--
End of file - 9540 bytes
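A HijackThis log like the one above is only as useful as the reading of it. The following script is an added example for this thread, not something posted by either participant or shipped with HijackThis: it parses a handful of the line types the tool emits (O2 BHOs, O4 Run entries, O20 AppInit_DLLs, O23 services) and flags the entries a reviewer would normally look at first, namely Run values that give a bare filename rather than a full path, services whose binary carries no vendor string ("Unknown owner"), and anything registered under AppInit_DLLs. The sample lines are copied verbatim from the log above; the flags are review prompts, not verdicts, and the regular expressions and the `Entry` dataclass are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: a representative subset of lines copied verbatim from the
# HijackThis log posted in this thread (not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"""


@dataclass
class Entry:
    kind: str                    # HijackThis section tag, e.g. "O4" or "O23"
    name: str                    # value name, BHO name, or service display name
    path: str                    # file path (or bare filename) exactly as logged
    owner: Optional[str] = None  # vendor string; O23 entries only


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
ABSOLUTE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
USER_SUFFIX_RE = re.compile(r"\s*\(User '.*'\)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O2":
        # O2 - BHO: <name> - {CLSID} - <path>
        parts = body[len("BHO: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        return Entry(kind, parts[0], parts[2])
    if kind == "O4":
        # O4 - <hive>\..\Run: [<value name>] <command>  (optionally "(User '...')")
        m4 = re.match(r".*?: \[(.*?)\] (.*)$", body)
        if not m4:
            return None
        command = USER_SUFFIX_RE.sub("", m4.group(2)).strip().strip('"')
        return Entry(kind, m4.group(1), command)
    if kind == "O20":
        # O20 - AppInit_DLLs: <dll list>
        return Entry(kind, "AppInit_DLLs", body.split(": ", 1)[1].strip())
    if kind == "O23":
        # O23 - Service: <display name (short name)> - <vendor> - <path>
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        return Entry(kind, parts[0], parts[2], parts[1])
    # Other sections are kept with their raw body so nothing is silently dropped.
    return Entry(kind, "", body)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.strip().splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for entries that deserve a second look."""
    findings = []
    for e in entries:
        if e.kind == "O4" and not ABSOLUTE_PATH_RE.match(e.path):
            findings.append((e.name, "Run value is a bare filename resolved via the "
                                     "search path; confirm which file actually loads"))
        elif e.kind == "O20":
            findings.append((e.name, "AppInit_DLLs loads into every process that links "
                                     "user32.dll; confirm the DLL belongs to installed software"))
        elif e.kind == "O23" and e.owner == "Unknown owner":
            findings.append((e.name, "service binary has no vendor string; verify the "
                                     "publisher and file hash"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run as-is, it lists four entries from the sample: the two bare-filename Run values, the AppInit_DLLs entry and the service with no vendor string. The bare-filename check matters because HijackThis prints the Run value exactly as the registry holds it, so a value without a drive letter tells you nothing about which copy of that executable Windows will find first.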


#2 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:46 AM

Posted 01 December 2008 - 06:40 PM

Hello, trmaze70
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 trmaze70
  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:46 PM

Posted 02 December 2008 - 05:04 PM

Trying to put in my GMER's Log, but it keeps telling me that the post is too long. Trying to figure it out.

#4 trmaze70
  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:46 PM

Posted 02 December 2008 - 05:20 PM

OTViewIt logfile created on: 12/2/2008 5:06:57 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Start Menu\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 233.49 Mb Available Physical Memory | 31.75% Memory free
1.76 Gb Paging File | 1.25 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.51 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2008/09/18 20:12:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/28 11:48:29 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2002/01/24 17:59:18 | 00,512,000 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe
[2002/01/24 18:09:16 | 00,024,576 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\cpqWebDmi\Webdmi.exe
[2008/09/24 09:34:26 | 00,596,840 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
[2008/09/25 10:00:48 | 00,321,888 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe
[2008/11/25 12:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/11/25 12:23:26 | 00,707,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/11/25 12:23:29 | 00,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/11/25 12:23:29 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2001/04/11 10:33:46 | 00,215,552 | ---- | M] (Intel) -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
[2008/07/19 15:50:19 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2003/02/25 03:33:14 | 00,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe
[2004/03/18 08:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2008/11/28 07:17:57 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/25 12:21:58 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/11/25 12:23:30 | 00,970,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2003/02/25 03:33:14 | 00,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe
[2008/09/26 08:50:46 | 00,206,184 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/01/23 16:37:30 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/11/25 12:23:27 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[2003/11/14 08:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/08/28 11:48:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/25 12:23:29 | 01,255,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
[2008/12/02 15:19:16 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Start Menu\My Documents\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/28 11:48:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/28 11:48:29 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2002/01/24 17:59:18 | 00,512,000 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe -- (CPQALERT [Auto | Running])
[2002/01/24 18:03:48 | 00,020,480 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi [Disabled | Stopped])
[2002/01/24 18:09:16 | 00,024,576 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\cpqWebDmi\Webdmi.exe -- (cpqWebDmi [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/11/19 09:39:58 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/09/24 09:34:26 | 00,596,840 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
[2008/09/24 09:34:26 | 00,596,840 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
[2008/09/25 10:00:48 | 00,321,888 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\IoloSGCtrl.exe -- (IOLO_SRV [Auto | Running])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/25 12:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/03/03 18:44:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2008/11/25 12:23:26 | 00,707,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/09/18 20:12:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/11/25 12:23:29 | 00,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
[2008/11/25 12:23:29 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
[2001/04/11 10:33:46 | 00,215,552 | ---- | M] (Intel) -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2003/12/11 22:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
[2005/08/29 14:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/08/04 00:59:20 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2008/08/28 11:48:26 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/19 15:50:53 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/19 15:51:04 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2002/01/16 14:48:54 | 00,054,222 | ---- | M] (Compaq Computer Corp) -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt [System | Running])
[2003/02/22 21:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k [Boot | Running])
[2008/09/22 03:41:04 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
[2008/09/22 03:41:04 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])
[2004/10/18 15:48:34 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/02 15:25:46 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/21 19:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2003/03/14 03:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/10 13:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr [On_Demand | Running])
[2003/11/07 04:50:00 | 00,051,486 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
[2003/11/07 04:50:00 | 00,070,798 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2003/12/12 18:03:10 | 00,652,689 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2003/07/08 22:21:50 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2002/12/13 03:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped])
[2003/04/10 05:52:20 | 00,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/09/06 20:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2004/03/19 12:54:24 | 00,038,912 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k [On_Demand | Stopped])
[2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Stopped])
[2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/04/10 21:47:17 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/06/10 13:20:50 | 00,039,936 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner [On_Demand | Stopped])
[2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Stopped])
[2004/03/02 13:02:30 | 00,167,040 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/02/26 21:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
[2002/12/25 00:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP [Boot | Running])
[2008/11/25 12:23:51 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/11/25 12:23:52 | 00,334,352 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/11/25 12:23:51 | 00,144,912 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/11/25 12:23:52 | 00,049,680 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/11/25 12:23:52 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/11/25 12:23:52 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/11/25 12:23:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/04 02:08:42 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2002/12/27 13:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/11/25 12:23:53 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2002/08/29 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2003/03/14 03:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/03/14 03:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} (HKLM) -- C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"SITEguard" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}" (HKLM) -- C:\Program Files\WebMediaViewer\browseul.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{57F02779-3D88-4958-8AD3-83C12D86ADC7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}" (HKLM) -- C:\Program Files\WebMediaViewer\browseul.dll File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{57F02779-3D88-4958-8AD3-83C12D86ADC7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"S3TRAY2"=S3tray2.exe (S3 Graphics, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
"S3TRAY2"=S3tray2.exe (S3 Graphics, Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
"S3TRAY2"=S3tray2.exe (S3 Graphics, Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

File not found --
[2008/11/26 16:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
File not found -- C:\Documents and Settings\All Users\Shared Documents
[2008/05/20 18:57:28 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
[2005/09/06 09:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favorites
[2003/07/06 13:16:59 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/11/24 15:46:35 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
File not found --
[2007/02/12 06:47:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Templates
File not found --
[2008/11/26 09:11:58 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Default User\Cookies
[2007/02/12 06:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Desktop
[2008/10/17 18:58:58 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Default User\Favorites
File not found --
File not found --
[2006/08/21 14:24:09 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Default User\NTUSER.DAT
[2007/04/12 09:59:14 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\Default User\ntuser.dat.LOG
[2003/04/10 06:08:04 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Default User\ntuser.ini
[2007/02/12 06:47:50 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\PrintHood
File not found -- C:\Documents and Settings\Default User\My Recent Documents
[2008/08/22 16:41:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\SendTo
File not found --
[2008/08/22 16:45:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Templates
[2007/02/12 06:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\WINDOWS
File not found --
[2008/11/26 09:11:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Cookies
[2008/05/11 14:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Desktop
[2003/12/19 21:20:39 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Guest\Favorites
File not found --
File not found --
[2008/07/11 06:33:53 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\Guest\ntuser.dat
[2008/11/27 11:50:07 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
[2007/02/12 06:47:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\PrintHood
File not found -- C:\Documents and Settings\Guest\My Recent Documents
[2005/10/25 15:50:10 | 00,643,072 | ---- | M] () -- C:\Documents and Settings\Guest\s-1-5-21-1077823671-3768192083-2806821575-501.rrr
[2008/08/22 16:41:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\SendTo
File not found --
[2008/08/22 16:45:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Guest\Templates
File not found --
[2008/11/26 09:12:00 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Cookies
[2007/02/06 12:56:54 | 00,000,000 | R--D | M] -- C:\Documents and Settings\LocalService\Favorites
File not found --
[2008/12/02 15:09:55 | 00,700,416 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2008/12/02 16:50:19 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2003/04/10 04:52:39 | 00,000,020 | -HS- | M] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2005/10/25 15:49:52 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2005/04/17 09:18:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\UserData
File not found --
[2003/04/10 04:48:30 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Cookies
[2007/10/20 12:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Desktop
File not found --
[2008/12/02 15:09:55 | 00,786,432 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2008/12/02 17:03:07 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2008/08/23 07:57:04 | 00,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/10/25 15:49:49 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
File not found -- C:\Documents and Settings\Owner\.hou
File not found --
[2004/10/13 09:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\awc_timmymaze
[2004/08/20 15:13:18 | 00,000,686 | ---- | M] () -- C:\Documents and Settings\Owner\awc_timmymazenull
[2004/08/17 14:10:33 | 00,000,029 | ---- | M] () -- C:\Documents and Settings\Owner\BCPath.txt
[2008/12/02 17:04:41 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Cookies
[2008/11/26 16:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Desktop
[2008/11/25 13:44:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Favorites
[2008/04/13 11:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Incomplete
[2007/02/12 06:47:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\InstallAnywhere
File not found --
File not found --
File not found --
[2004/01/27 11:55:18 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\NetHood
[2008/12/02 15:09:38 | 06,815,744 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2008/12/02 17:06:48 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2008/12/02 15:09:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2004/01/27 11:55:18 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\PrintHood
[2008/08/22 02:05:00 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PrivacIE.dll
File not found -- C:\Documents and Settings\Owner\My Recent Documents
[2004/04/11 10:19:31 | 06,234,796 | ---- | M] () -- C:\Documents and Settings\Owner\registry backup.cab
[2005/10/25 15:50:06 | 03,534,848 | ---- | M] () -- C:\Documents and Settings\Owner\s-1-5-21-1077823671-3768192083-2806821575-1003.rrr
[2008/08/07 08:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\SendTo
[2008/04/13 10:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Shared
File not found --
[2008/08/22 16:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Templates
[2007/02/12 06:48:03 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\UserData
[2007/02/12 06:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\WINDOWS
[2005/08/15 15:56:51 | 00,000,004 | -HS- | M] () -- C:\Documents and Settings\Owner\win_rhtdo53x4
File not found --
[2008/11/26 09:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Cookies
[2007/04/04 18:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Favorites
File not found --
[2008/11/24 12:34:22 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\TEMP\NTUSER.DAT
[2008/11/24 12:34:22 | 00,001,024 | -H-- | M] () -- C:\Documents and Settings\TEMP\ntuser.dat.LOG
[2008/08/22 16:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Templates

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRun"=0
"ClearRecentDocsOnExit"=01 00 00 00 [binary data]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRun"=0
"ClearRecentDocsOnExit"=01 00 00 00 [binary data]

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}: Button: MoneySide -- %ProgramFiles%\Microsoft Money\System\mnyside.dll [2002/07/17 20:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> %ProgramFiles%\Microsoft Money\System\mnyside.dll [MoneySide] -> [2002/07/17 20:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6FDD5236-C9F0-49ef-935D-385F5E21991A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> %ProgramFiles%\Microsoft Money\System\mnyside.dll [MoneySide] -> [2002/07/17 20:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6FDD5236-C9F0-49ef-935D-385F5E21991A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> %ProgramFiles%\Microsoft Money\System\mnyside.dll [MoneySide] -> [2002/07/17 20:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{77E68763-4284-41d6-B7E7-B6E1F053A9E7} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> %ProgramFiles%\Microsoft Money\System\mnyside.dll [MoneySide] -> [2002/07/17 20:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
99 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
95 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1077823671-3768192083-2806821575-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
99 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}: http://housecall60.trendmicro.com/housecall/xscan60.cab -- HouseCall Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{4C39376E-FA9D-4349-BACC-D305C1750EF3}: http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab -- EPUImageControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1149454667140 -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab -- HouseCall Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{A8658086-E6AC-4957-BC8E-8D54A7E8A790}: http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB -- GDIChk Object
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{A93D84FD-641F-43AE-B963-E6FA84BE7FE7}: http://www.linksysfix.com/netcheck/67/install/gtdownls.cab -- LinkSys Content Update
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}: http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB -- TSEasyInstallX Control
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab -- Oberon Flash Game Host
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{F5C90925-ABBF-4475-88F5-8622B452BA9E}: http://www29.compaq.com/falco/SysQuery.cab -- Compaq System Data Class
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}: http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll -- PCPitstop Exam
{FFD85DC8-5261-4D11-B728-F7C59D911691}: http://www.iolo.com/app/ocx/UpgradeVerify.ocx -- iolo.ProductDetector
DirectAnimation Java Classes: -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9143C7B6-68B8-4BED-A656-6C56112657D6} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)
{DF1A40EC-5E43-4830-8A51-1615CB0E56FE} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/19 15:51:07 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [@ECHO OFF | C:\WINDOWS\DelIndex.BAT | move /y "C:\Program Files\SpyKiller\tmp.sk" "C:\Autoexec.bat" | ]
[2005/05/18 16:25:33 | 00,000,100 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2aca11e4-9e3d-11dd-82e7-000c760c4d72}\Shell\AutoRun\command]
""=D:\LinksysConnectPC.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de8810d2-6635-11dc-bd1c-000c760c4d72}\Shell\AutoRun\command]
""=F:\LinksysConnectPC.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\*.tmp files]
[2008/12/02 15:25:48 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/02 15:25:46 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/02 15:25:46 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/02 15:25:45 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/02 15:25:43 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/02 15:19:08 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Start Menu\My Documents\OTViewIt.exe
[2008/11/26 16:14:32 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\HijackThis.lnk
[2008/11/26 16:14:06 | 66,644,872 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_TIS_17.00_en-US_32-bit.exe
[2008/11/26 16:13:55 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\Trend Micro Internet Security.lnk
[2008/11/26 16:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_TIS_17.00_en-US_32-bit
[2008/11/26 09:11:16 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Start Menu\My Documents\ATF-Cleaner.exe
[2008/11/26 08:54:36 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Start Menu\My Documents\mbam-setup.exe
[2008/11/25 14:29:48 | 00,333,912 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\uninstall fix.reg
[2008/11/25 14:09:22 | 01,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Owner\Start Menu\My Documents\fsbl.exe
[2008/11/25 12:32:57 | 00,049,680 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/11/25 12:32:56 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2008/11/25 12:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2008/11/25 12:24:31 | 00,661,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2008/11/25 12:23:53 | 01,195,448 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2008/11/25 12:23:52 | 00,334,352 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2008/11/25 12:23:52 | 00,205,328 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2008/11/25 12:23:52 | 00,080,400 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2008/11/25 12:23:52 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2008/11/25 12:22:44 | 00,410,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2008/11/25 12:22:44 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2008/11/25 12:22:44 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2008/11/25 12:22:44 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/11/25 12:01:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\My Documents\Oberon Media
[2008/11/25 11:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\My Documents\SmitfraudFix
[2008/11/25 11:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_Downloader
[2008/11/25 08:53:57 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/25 07:57:51 | 00,144,912 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/25 07:57:42 | 01,958,864 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_Downloader.exe
[2008/11/24 19:03:47 | 77,128,0896 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/24 18:17:23 | 00,002,812 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/24 18:16:24 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/11/24 18:16:24 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/11/24 18:16:24 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/11/24 18:16:24 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/11/24 18:16:24 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/11/24 18:16:24 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/11/24 18:16:24 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/11/24 18:16:24 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/11/24 18:16:24 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/11/24 18:16:24 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/11/24 18:16:24 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/11/24 18:16:24 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/11/24 18:16:24 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/11/24 17:45:34 | 01,581,780 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\SmitfraudFix.exe
[2008/11/24 17:30:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/24 17:29:07 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Start Menu\My Documents\VundoFix.exe
[2008/11/24 16:54:43 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/24 16:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager
[2008/11/24 12:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399EDB8F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/11/24 12:02:14 | 00,000,000 | ---D | C] -- C:\Program Files\WebMediaViewer
[2008/11/20 14:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/20 14:35:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/20 14:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/20 14:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/11/19 12:57:41 | 00,414,519 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\weld-table.pdf
[2008/11/12 07:00:47 | 00,000,000 | ---D | C] -- C:\97e0fa7ed981d46048f2784a84f7a984

========== Files - Modified Within 30 Days ==========

[3 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/12/02 17:03:56 | 00,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2008/12/02 16:59:36 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBADFA0E-B4A4-40ED-9C6D-E6425C4DC2BB}.job
[2008/12/02 16:47:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/02 16:47:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/02 16:47:14 | 77,128,0896 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/02 16:08:43 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/02 15:25:46 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/02 15:25:46 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/02 15:25:46 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/02 15:24:48 | 00,573,440 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/02 15:24:48 | 00,573,440 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\gmer.exe
[2008/12/02 15:19:16 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Start Menu\My Documents\OTViewIt.exe
[2008/12/02 15:08:44 | 06,401,214 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/12/02 12:00:00 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auto-scheduled task of Free Registry Fix.job
[2008/12/02 10:16:18 | 30,466,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/01 08:46:53 | 00,072,614 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/30 09:04:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/26 15:30:17 | 01,581,780 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\SmitfraudFix.exe
[2008/11/26 09:11:17 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Start Menu\My Documents\ATF-Cleaner.exe
[2008/11/26 08:54:36 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Start Menu\My Documents\mbam-setup.exe
[2008/11/25 14:29:48 | 00,333,912 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\uninstall fix.reg
[2008/11/25 14:09:35 | 01,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Owner\Start Menu\My Documents\fsbl.exe
[2008/11/25 12:31:16 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\Trend Micro Internet Security.lnk
[2008/11/25 12:24:31 | 00,661,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\UfWSC.cpl
[2008/11/25 12:23:53 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2008/11/25 12:23:52 | 00,334,352 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2008/11/25 12:23:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2008/11/25 12:23:52 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2008/11/25 12:23:52 | 00,049,680 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/11/25 12:23:52 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2008/11/25 12:23:51 | 00,144,912 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/25 12:23:51 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2008/11/25 12:22:22 | 66,644,872 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_TIS_17.00_en-US_32-bit.exe
[2008/11/25 12:21:56 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2008/11/25 12:21:56 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2008/11/25 12:21:56 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/11/25 12:21:56 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2008/11/25 12:21:55 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2008/11/25 08:20:16 | 00,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/25 07:57:45 | 01,958,864 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Start Menu\My Documents\TrendMicro_Downloader.exe
[2008/11/24 18:17:23 | 00,002,812 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/24 18:17:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/11/24 17:30:36 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\HijackThis.lnk
[2008/11/24 17:29:10 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Start Menu\My Documents\VundoFix.exe
[2008/11/24 16:38:30 | 00,445,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/24 16:38:30 | 00,073,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/24 16:38:29 | 00,528,496 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/24 15:08:05 | 00,026,935 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2008/11/24 12:09:59 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2008/11/23 20:15:00 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2008/11/20 14:37:56 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/19 12:57:41 | 00,414,519 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\My Documents\weld-table.pdf
[2008/11/06 14:23:43 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#5 trmaze70

  • Topic Starter
  • Members
  • 16 posts

Posted 02 December 2008 - 05:22 PM

OTViewIt Extras logfile created on: 12/2/2008 5:06:57 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Start Menu\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 233.49 Mb Available Physical Memory | 31.75% Memory free
1.76 Gb Paging File | 1.25 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 19.51 Gb Free Space | 52.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/21 06:10:36 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth
File not found -- C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC
[2004/06/27 16:05:45 | 00,204,845 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer
[2004/08/04 02:56:48 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
File not found -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1129037965\EE\AOLServiceHost.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\1129043531\EE\AOLServiceHost.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
File not found -- C:\Program Files\Common Files\AOL\1129043531\EE\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher
File not found -- C:\Program Files\FireFly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/21 06:10:36 | 00,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/08/28 11:48:26 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/08/28 11:43:33 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2002/12/11 16:15:24 | 02,711,552 | ---- | M] () -- C:\Program Files\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader
[2004/08/04 02:56:48 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 02:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/19 15:50:46 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 02:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 02:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/21 06:10:36 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{07D483AE-58B4-4257-ABC3-0699A92A3CD5} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}"=Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}"=Microsoft Money 2003 System Pack
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}"=AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}"=Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}"=WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}"=HP Deskjet All-In-One Software 8.0
"{25F6C900-C138-4888-A56C-91D3D063023A}"=HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}"=HpSdpAppCoreApp
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}"=Trend Micro Internet Security
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}"=HP Deskjet printer preloaded drivers
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1"=iolo technologies' System Mechanic
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}"=Logitech ImageStudio
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{657F8B33-CBBB-45F4-9087-274F22C89400}"=DJ_AIO_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}"=HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}"=F4100
"{8214CC02-6271-4DC8-B8DD-779933450264}"=RecordNow
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}"=Stronghold Crusader
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90AF0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint Viewer 2003
"{9449C1CF-2A3B-4008-9621-0358F984FCEE}"=Compaq 7500 INF and ICM software
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}"=MarketResearch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{978C25EE-5777-46e4-8988-732C297CBDBD}"=Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}"=Destinations
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}"=DJ_AIO_Software
"{9F057CFA-0DD5-4EE1-81FC-6C9BBD78ED49}"=Compaq 5500 INF and ICM software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}"=SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}"=Copy
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}"=RoadRunner
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}"=F4100_Help
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}"=Microsoft .NET Framework (English)
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}"=Windows Rights Management Client with Service Pack 2
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}"=BufferChm
"{C716522C-3731-4667-8579-40B098294500}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}"=Camera Driver
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{DC83F417-8068-4074-BA2F-C4F8AB872556}"=DJ_AIO_Software_min
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}"=UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}"=HPSSupply
"{EC905264-BCFE-423B-9C42-C3A106266790}"=Windows Rights Management Client Backwards Compatibility SP2
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}"=Simple Installer - Multilanguage Version
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}"=Quicken 2003 New User Edition
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FCD50C2E-7DB3-4C18-8D73-6E24CEBD4021}"=Hewlett-Packard Multimedia Keyboard/Mouse Solution
"{FF075778-6E50-47ed-991D-3B07FD4E3250}"=TrayApp
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"AudibleManager"=AudibleManager
"AVG8Uninstall"=AVG Free 8.0
"BackWeb-1940576 Uninstaller"=Compaq Connections
"CCleaner"=CCleaner (remove only)
"DFx.DriverAssembly.cfb7d3fc0ab7f7a3133a6c25509eaf3479108975"=Windows Driver Package - Realtek Semiconductor Corp. MEDIA 12/12/2003 5.10.00.5410
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 8.0
"HPExtendedCapabilities"=HP Customer Participation Program 8.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie8"=Windows Internet Explorer 8 Beta 2
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}"=Quicken 2003 New User Edition
"InstallShield_{FCD50C2E-7DB3-4C18-8D73-6E24CEBD4021}"=Hewlett-Packard Multimedia Keyboard/Mouse Solution
"Instant Support"=Instant Support
"IntMgmt"=Compaq Management Agents
"kdx"=Secure Delivery
"Logitech Resource Center"=Logitech Resource Center
"LxSystems"=LX Systems Download Manager
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)"=Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"P4M266"=ProSavageDDR and Utilities
"PS2"=PS2
"RealPlayer 6.0"=RealPlayer
"S3Display"=S3Display
"S3Gamma2"=S3Gamma2
"S3Info2"=S3Info2
"S3Overlay"=S3Overlay
"TaxCut 2003"=TaxCut 2003
"TaxCut 2004"=TaxCut 2004
"TaxCut Deluxe 2005"=TaxCut Deluxe 2005
"TaxCut Premium 2006"=TaxCut Premium 2006
"TomTom HOME"=TomTom HOME
"tv_enua"=Lernout & Hauspie TruVoice American English TTS Engine
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast-Ethernet Adapter
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 5:44:00 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:44:00 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:46 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:50 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:51 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:52 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:52 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:52 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:52 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2008 5:45:52 PM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18241, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/29/2008 10:19:35 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/29/2008 10:21:14 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Proxy Service service hung on starting.

Error - 11/30/2008 10:02:00 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/1/2008 9:42:52 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/2/2008 11:14:42 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/2/2008 11:16:11 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Proxy Service service hung on starting.

Error - 12/2/2008 3:57:01 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/2/2008 3:58:48 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Proxy Service service hung on starting.

Error - 12/2/2008 4:12:12 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/2/2008 5:49:02 PM | Computer Name = TIM | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 02 December 2008 - 07:53 PM

Please upload the GMER file here:
http://bleepingcomputer.com/submit-malware.php?channel=54

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 trmaze70
  • Topic Starter

  • Members
  • 16 posts

Posted 03 December 2008 - 09:21 AM

Sent file to link. Thank you for all the help.

#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 04 December 2008 - 05:59 PM

Hello, trmaze70
I don't see any malware in here. Are you still having problems?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 trmaze70
  • Topic Starter

  • Members
  • 16 posts

Posted 04 December 2008 - 08:17 PM

My AVG keeps stopping Zlob trojan downloader .ahgb or something like that, but I don't know for sure.

#10 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 04 December 2008 - 08:26 PM

Does it list a location of the item it is finding?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 trmaze70
  • Topic Starter

  • Members
  • 16 posts

Posted 05 December 2008 - 06:08 PM

I think it was like c:/ system volume _restore or something like that. It happened like 5 times, but I have not seen it in a few days, but I have not been on my computer a lot lately. Thanks, Tim

#12 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 December 2008 - 06:15 PM

Hello, trmaze70
That is part of Windows' System Restore feature. Files that were on your desktop were picked up by System Restore's cache. AVG then detected the cached files.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#13 trmaze70
  • Topic Starter

  • Members
  • 16 posts

Posted 05 December 2008 - 10:20 PM

I will do that, but just wanted you to see what I was getting. It happened just a while ago. Thanks, Tim

"Trojan horse Downloader.Zlob";"C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP1918\A0503959.dll";"Moved to Virus Vault";"12/5/2008, 7:53:50 PM";"file";"C:\WINDOWS\System32\svchost.exe"

#14 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 06 December 2008 - 05:00 PM

Yes, that's System Restore. Can you please run the ESET? Thanks

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
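As an added example (not code from this thread, nor AVG's own tooling), a small triage script that parses AVG detection lines in the layout trmaze70 posted and separates hits inside the System Restore cache, the situation Billy describes in #12 and #14, from hits at active locations. The sample log is constructed; the first line copies the posted detection, the second is a made-up active-location hit for contrast.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the AVG "Virus Vault" layout seen in this thread:
# six double-quoted, semicolon-separated fields. Line 1 is the posted hit;
# line 2 is a CONSTRUCTED active-location hit (the file name is not real).
SAMPLE_LOG = (
    '"Trojan horse Downloader.Zlob";"C:\\System Volume Information\\_restore'
    '{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\\RP1918\\A0503959.dll";'
    '"Moved to Virus Vault";"12/5/2008, 7:53:50 PM";"file";"C:\\WINDOWS\\System32\\svchost.exe"\n'
    '"Trojan horse Downloader.Zlob";"C:\\WINDOWS\\system32\\CONSTRUCTED_example.dll";'
    '"Moved to Virus Vault";"12/5/2008, 8:01:00 PM";"file";"C:\\WINDOWS\\System32\\svchost.exe"\n'
)

# A file copied into a restore point lives under
# <drive>\System Volume Information\_restore{GUID}\RPnnn\ ; capture the RP number.
RESTORE_CACHE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.IGNORECASE
)


@dataclass
class Detection:
    threat: str
    path: str
    action: str
    when: str
    restore_point: Optional[int]  # RP number when the hit is a System Restore copy

    @property
    def in_restore_cache(self) -> bool:
        return self.restore_point is not None


def parse_avg_line(line: str) -> Detection:
    """Parse one AVG result line; backslashes are literal, fields are quoted."""
    fields = next(csv.reader(io.StringIO(line), delimiter=";", quotechar='"'))
    if len(fields) < 4:
        raise ValueError(f"unexpected AVG line layout: {line!r}")
    threat, path, action, when = fields[:4]
    m = RESTORE_CACHE.search(path)
    return Detection(threat, path, action, when, int(m.group(1)) if m else None)


def triage(log_text: str) -> dict:
    """Bucket detections: restore-point copies (not a live infection) vs. active paths."""
    result = {"restore_cache": [], "active": []}
    for line in log_text.splitlines():
        if line.strip():
            d = parse_avg_line(line)
            result["restore_cache" if d.in_restore_cache else "active"].append(d)
    return result
```

Only the `active` bucket indicates a file that can still run; a `restore_cache`-only result matches Billy's reading that AVG is catching copies held in restore points.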

#15 trmaze70
  • Topic Starter

  • Members
  • 16 posts

Posted 10 December 2008 - 06:00 PM

Been working late, sorry. Ran that program; still don't know, but haven't seen any warnings, but have not been on computer.
