Spyware_PopUps Virus wont go away


  • This topic is locked
52 replies to this topic

#1 siccboy

siccboy

  • Members
  • 37 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 30 November 2008 - 01:27 PM

Hello,
I had some bad trojan, adware and spyware jump on my computer. I ran and installed AVG, Rogue Remover, Norton Scan, Kaspersky Lab, currently have Zone Alarm up (accepted some programs' requests for internet), maybe some others, and then ran ComboFix. I have run it 3 times now. This was the second attempt and it found quite a bit; see below:

ComboFix 08-11-26.01 - Alex 1981-01-12 18:54:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.463 [GMT -8:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\tn3
c:\windows\system32\~.exe
c:\windows\system32\gahidumi.dll
c:\windows\system32\idosofej.ini
c:\windows\system32\iveyenut.ini
c:\windows\system32\jefosodi.dll
c:\windows\system32\nelesoye.dll
c:\windows\system32\rameruzo.dll
c:\windows\system32\tuneyevi.dll
c:\windows\system32\yukojuni.dll
c:\windows\system32\zudavuva.dll
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEDIA_SERIAL_NUMBER_SERVICE
-------\Service_Media Serial Number Service


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 19:07 . 2008-12-09 19:07 <DIR> d-------- c:\temp\tn3
2008-12-09 19:07 . 2008-12-09 19:07 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-30 17:35 . 2008-11-30 17:36 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-29 20:04 . 2008-03-02 02:59 738,304 ---hs---- c:\windows\system32\_RECYCLER.EXE
2008-11-29 18:41 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-29 13:49 . 2008-11-29 15:32 <DIR> d-------- c:\documents and settings\Alex\.housecall6.6
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\temp
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\Application Data\TeamViewer
2008-11-26 15:28 . 2008-12-09 19:09 1,677,344 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-26 15:28 . 2008-12-09 19:06 20,684 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-26 15:20 . 2008-11-26 15:20 <DIR> d-------- c:\program files\ZoneAlarmSB
2008-11-25 12:18 . 2008-11-25 12:18 <DIR> d-------- c:\program files\Alwil Software
2008-11-24 14:13 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-24 13:57 . 2008-11-24 14:12 <DIR> d-------- c:\program files\Windows Defender
2008-11-24 10:42 . 2008-11-24 10:42 <DIR> d-------- c:\documents and settings\Alex\Application Data\IUpd721
2008-11-23 23:49 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\Alex\Application Data\NI.GSCNS
2008-11-23 23:41 . 2008-11-23 23:41 <DIR> d-------- c:\temp\FT62
2008-11-23 23:41 . 2008-11-23 23:41 86,272 --a------ c:\windows\system32\drivers\acpii.sys
2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\windows\system32\mp
2008-11-23 23:40 . 2008-11-25 13:59 <DIR> d-------- c:\windows\system32\gp2
2008-11-23 23:40 . 2008-11-24 14:13 <DIR> d-------- c:\windows\system32\dim
2008-11-23 23:40 . 2008-12-09 19:07 <DIR> d-------- C:\Temp
2008-11-23 23:40 . 2008-11-23 23:49 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 23:40 . 2008-11-23 23:49 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-20 14:51 . 2008-11-20 14:51 <DIR> d-------- c:\documents and settings\Alex\Application Data\Viewpoint
2008-11-11 10:19 . 2008-11-11 11:10 2,790 --a------ C:\nov08.html
2008-11-11 10:19 . 2008-11-11 11:03 2,532 --a------ C:\nov08old.html

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:42 --------- d-----w c:\documents and settings\Alex\Application Data\FileZilla
2008-11-26 23:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-11-25 22:07 --------- d-----w c:\program files\Trillian
2008-11-25 22:06 --------- d-----w c:\program files\File And MP3 Tag Renamer
2008-11-24 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 22:12 --------- d-----w c:\program files\Yahoo!
2008-11-24 21:48 --------- d-----w c:\program files\Kaspersky Lab
2008-11-07 23:57 --------- d-----w c:\program files\FriendBlasterPro
2008-11-04 19:00 --------- d-----w c:\program files\Onyx-VJ
2008-11-04 19:00 --------- d-----w c:\documents and settings\Alex\Application Data\Onyx-VJ.387BDBF683A7AEF5D5BC0EE641CD0FBA654D8EEE.1
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:04 --------- d-----w c:\program files\Microsoft Silverlight
2008-04-29 02:35 56 --sh--r c:\windows\system32\B6634BD1E0.sys
2008-04-29 02:35 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_14.35.00.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 22:22:56 385,536 ----a-w c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
+ 2008-03-02 10:59:16 738,304 --sh--w c:\windows\system32\_RECYCLER.EXE
- 2005-08-17 23:08:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-17 23:08:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-17 23:09:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-19 23:10:28 127,768 ----a-w c:\windows\system32\drivers\klif.sys
- 2008-11-13 23:31:27 424,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-30 11:45:52 470,704 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-07-09 17:05:08 796,048 ----a-w c:\windows\system32\libeay32_0.9.6l.dll
+ 2008-07-09 17:05:10 83,432 ----a-w c:\windows\system32\vsdata.dll
+ 2008-07-09 17:05:22 394,952 ----a-w c:\windows\system32\vsdatant.sys
+ 2008-07-09 17:05:10 157,160 ----a-w c:\windows\system32\vsinit.dll
+ 2008-07-09 17:05:10 103,912 ----a-w c:\windows\system32\vsmonapi.dll
+ 2008-07-09 17:05:10 275,944 ----a-w c:\windows\system32\vspubapi.dll
+ 2008-07-09 17:05:10 71,144 ----a-w c:\windows\system32\vsregexp.dll
+ 2008-07-09 17:05:12 472,552 ----a-w c:\windows\system32\vsutil.dll
+ 2008-07-09 17:05:12 46,568 ----a-w c:\windows\system32\vswmi.dll
+ 2008-07-09 17:05:12 99,816 ----a-w c:\windows\system32\vsxml.dll
+ 2008-07-09 17:05:12 83,432 ----a-w c:\windows\system32\zlcomm.dll
+ 2008-07-09 17:05:12 71,144 ----a-w c:\windows\system32\zlcommdb.dll
- 2008-04-07 16:21:44 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2008-11-26 23:20:52 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2008-07-09 17:05:06 370,208 ----a-w c:\windows\system32\ZoneLabs\av.dll
+ 2007-05-31 08:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 22:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 08:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 08:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 08:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 08:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 08:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-20 07:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 22:53:58 282,624 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-20 02:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 08:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 08:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 08:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 08:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 22:53:58 139,264 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 02:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-07-09 17:05:06 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
+ 2004-01-30 20:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2008-07-09 17:05:08 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2008-07-09 17:05:08 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 17:05:08 321,016 ----a-w c:\windows\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 17:05:24 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-11-27 03:25:12 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-07-09 17:05:24 26,000 ----a-w c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 17:05:24 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 17:05:24 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 17:06:26 30,184 ----a-w c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 17:06:26 30,216 ----a-w c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-27 11:10:26 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 11:10:28 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2008-07-09 17:05:08 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
+ 2008-01-21 16:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-02-27 11:10:32 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
+ 2008-02-27 11:10:44 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
+ 2008-07-09 17:05:10 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 17:06:26 214,528 ----a-w c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 17:06:30 3,266,040 ----a-w c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 04:59:14 503,875 ----a-w c:\windows\system32\ZoneLabs\upd_core.dll
+ 2007-10-12 00:50:32 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll
+ 2008-07-09 17:05:18 144,936 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
+ 2007-01-12 01:31:06 286,787 ----a-w c:\windows\system32\ZoneLabs\updtrsdk.dll
+ 2008-07-09 17:05:10 108,008 ----a-w c:\windows\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 17:05:10 83,432 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 17:05:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 17:05:10 2,029,032 ----a-w c:\windows\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 17:05:12 1,361,384 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 17:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-01-21 16:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2008-07-09 17:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 17:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 17:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 17:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2008-07-09 17:05:16 1,086,952 ----a-w c:\windows\system32\zpeng24.dll
+ 2006-12-02 06:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 08:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 08:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 08:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 08:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 08:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 08:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 08:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 08:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 08:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-07-09 17:05:20 75,248 ----a-w c:\windows\zllsputility.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-17 184320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-06-27 189440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-11 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-25 24576]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-07-26 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 13:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\yukojuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll
"midi4"= usbnp4x4.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-26 22:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 13:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 13:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 13:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2005-11-09 13:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2003-12-10 01:52 380928 c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-07-25 11:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2007-09-25 81920]
S3 MADFU003;MADFU003;c:\windows\system32\DRIVERS\MADFU003.sys [2007-09-25 69248]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\DRIVERS\mausbap.sys [2007-09-25 129408]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-12-06 15708]
S3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2006-12-06 29168]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [2007-09-25 22336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6ba15638-5573-4d1b-b13a-7cbba6557fe9} - c:\windows\system32\nelesoye.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.visaomedia.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 19:07:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000001BD4428DC13C9CFA6B 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-09 19:18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 03:18:24

Pre-Run: 15,946,829,824 bytes free
Post-Run: 15,955,759,104 bytes free

346 --- E O F --- 2008-11-29 07:53:29

Edited by siccboy, 30 November 2008 - 01:29 PM.
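Added example, not part of the post above and not code from ComboFix or BleepingComputer: a small Python script that applies, to an excerpt of the log above, the checks a log reader would apply by eye. It flags a non-empty `AppInit_DLLs` value (the named DLL is loaded into every process that loads user32.dll), Security Center values that suppress the missing-antivirus and missing-updates warnings, `EnableFirewall`= 0 in the standard firewall profile, a BHO whose DLL has the same eight-letter pseudo-random name as the files ComboFix deleted, `\Shell\AutoRun\command` entries under mountpoints2, files ComboFix reported it could not delete, and the hidden executable and "hidden files" count from the catchme rootkit scan. The eight-letter name pattern, the `driver_cutoff` date used to mark recently stamped kernel drivers, and the rule names are my assumptions; the sample log lines are copied from the post, with one benign `ctfmon.exe` Run entry added so the no-finding path is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log in the post above, plus one
# benign Run entry (ctfmon.exe) so the "nothing to report" path is exercised.
SAMPLE_LOG = r"""
c:\windows\system32\yukojuni.dll
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\yukojuni.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
BHO-{6ba15638-5573-4d1b-b13a-7cbba6557fe9} - c:\windows\system32\nelesoye.dll
c:\windows\TEMP\TMP0000001BD4428DC13C9CFA6B 524288 bytes executable
hidden files: 1
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # which check fired
    line: str   # the log line that triggered it


# Heuristic (my assumption, not a ComboFix rule): eight lowercase letters plus
# .dll/.ini directly under system32, the naming style of the DLLs deleted above.
RANDOM_SYS32 = re.compile(r"c:\\windows\\system32\\[a-z]{8}\.(?:dll|ini)\b", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command\s+-\s+\S+", re.I)
BHO = re.compile(r"^BHO-\{[0-9a-f-]{36}\}\s+-\s+(.+)$", re.I)
DRIVER = re.compile(r"^R[0-3]\s+[^;]+;[^;]*;(\S+\.sys)\s+\[(\d{4}-\d{2}-\d{2})", re.I)
HIDDEN = re.compile(r"^hidden files:\s*(\d+)$", re.I)
# Security Center values that silence the "no antivirus / no updates / no firewall" warnings.
SECURITY_CENTER = {"AntiVirusDisableNotify", "AntiVirusOverride", "FirewallDisableNotify",
                   "FirewallOverride", "UpdatesDisableNotify"}


def scan(log: str, driver_cutoff: str = "2008-11-01") -> list[Finding]:
    """Return review items from a ComboFix-style log. driver_cutoff (ISO date) is an
    assumption: running kernel drivers stamped on or after it are listed for review."""
    findings: list[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # registry key header, e.g. [HKEY_LOCAL_MACHINE\...]
            section = line.lower()
            continue
        m = REG_VALUE.match(line)
        if m:                              # "Name"=value line under the current key
            name, value = m.group(1), m.group(2).strip()
            if name == "AppInit_DLLs" and value:
                findings.append(Finding("appinit_dlls", line))
            elif "security center" in section and name in SECURITY_CENTER and value.endswith("00000001"):
                findings.append(Finding("security_center_override", line))
            elif "firewallpolicy" in section and name == "EnableFirewall" and value.split()[0] == "0":
                findings.append(Finding("firewall_disabled", line))
            elif RANDOM_SYS32.search(value):
                findings.append(Finding("random_name_in_system32", line))
            continue
        if line.endswith("failed to delete"):
            findings.append(Finding("delete_failed", line))
        elif AUTORUN.search(line):
            findings.append(Finding("removable_autorun", line))
        elif (m := BHO.match(line)) and RANDOM_SYS32.search(m.group(1)):
            findings.append(Finding("bho_random_dll", line))
        elif (m := DRIVER.match(line)) and m.group(2) >= driver_cutoff:
            findings.append(Finding("recent_kernel_driver", line))
        elif line.endswith("bytes executable"):
            findings.append(Finding("hidden_executable", line))
        elif (m := HIDDEN.match(line)) and int(m.group(1)) > 0:
            findings.append(Finding("catchme_hidden_files", line))
        elif RANDOM_SYS32.search(line):
            findings.append(Finding("random_name_in_system32", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {'security_center_override': 3, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule:26} {f.line}")
```

On the excerpt this yields twelve review items, three of them the Security Center overrides. Everything it lists is a review item, not a verdict: the `LaunchU3.exe` AutoRun entries are the launcher that ships on U3 USB sticks and are normally harmless, and a driver dated after the cutoff is only worth a second look because of its timing, not proof of anything. To use it on a full log, pass the file contents to `scan()` and adjust `driver_cutoff` to the date the trouble started.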



#2 siccboy

siccboy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 30 November 2008 - 01:29 PM

This is the third time I ran ComboFix. Let me know if you see anything that I still need to do, fix or delete. Thanks in advance. :thumbsup:

ComboFix 08-11-30.01 - Alex 1981-01-12 9:52:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.425 [GMT -8:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\tn3
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Media Serial Number Service


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 17:35 . 2008-11-30 17:36 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-30 10:02 . 2008-11-30 10:02 <DIR> d-------- c:\temp\tn3
2008-11-30 10:01 . 2008-11-30 10:02 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-30 01:23 . 2008-11-30 01:23 <DIR> d-------- c:\documents and settings\Alex\Application Data\Amazon
2008-11-30 01:22 . 2008-11-30 01:22 <DIR> d-------- c:\program files\Amazon
2008-11-29 20:04 . 2008-03-02 02:59 738,304 ---hs---- c:\windows\system32\_RECYCLER.EXE
2008-11-29 18:41 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-29 13:49 . 2008-11-29 15:32 <DIR> d-------- c:\documents and settings\Alex\.housecall6.6
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\temp
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\Application Data\TeamViewer
2008-11-26 15:28 . 2008-11-30 10:04 1,931,296 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-26 15:28 . 2008-11-30 10:01 23,636 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-26 15:20 . 2008-11-26 15:20 <DIR> d-------- c:\program files\ZoneAlarmSB
2008-11-25 12:18 . 2008-11-25 12:18 <DIR> d-------- c:\program files\Alwil Software
2008-11-24 14:13 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-24 13:57 . 2008-11-24 14:12 <DIR> d-------- c:\program files\Windows Defender
2008-11-24 10:42 . 2008-11-24 10:42 <DIR> d-------- c:\documents and settings\Alex\Application Data\IUpd721
2008-11-23 23:49 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\Alex\Application Data\NI.GSCNS
2008-11-23 23:41 . 2008-11-23 23:41 <DIR> d-------- c:\temp\FT62
2008-11-23 23:41 . 2008-11-23 23:41 86,272 --a------ c:\windows\system32\drivers\acpii.sys
2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\windows\system32\mp
2008-11-23 23:40 . 2008-11-25 13:59 <DIR> d-------- c:\windows\system32\gp2
2008-11-23 23:40 . 2008-11-24 14:13 <DIR> d-------- c:\windows\system32\dim
2008-11-23 23:40 . 2008-11-30 10:02 <DIR> d-------- C:\Temp
2008-11-23 23:40 . 2008-11-23 23:49 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 23:40 . 2008-11-23 23:49 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-20 14:51 . 2008-11-20 14:51 <DIR> d-------- c:\documents and settings\Alex\Application Data\Viewpoint
2008-11-11 10:19 . 2008-11-11 11:10 2,790 --a------ C:\nov08.html
2008-11-11 10:19 . 2008-11-11 11:03 2,532 --a------ C:\nov08old.html
2008-11-07 15:56 . 2008-11-07 15:57 <DIR> d-------- c:\program files\FriendBlasterPro
2008-11-07 15:56 . 2005-07-15 12:49 245,760 --a------ c:\windows\system32\aUpdateNow.ocx
2008-11-07 15:56 . 2008-11-23 23:49 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-07 15:56 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2008-11-04 11:00 . 2008-11-04 11:00 <DIR> d-------- c:\program files\Onyx-VJ
2008-11-04 11:00 . 2008-11-04 11:00 <DIR> d-------- c:\documents and settings\Alex\Application Data\Onyx-VJ.387BDBF683A7AEF5D5BC0EE641CD0FBA654D8EEE.1
2008-10-15 11:51 . 2008-10-15 21:43 151 --a------ c:\windows\PhotoSnapViewer.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:42 --------- d-----w c:\documents and settings\Alex\Application Data\FileZilla
2008-11-26 23:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-11-25 22:07 --------- d-----w c:\program files\Trillian
2008-11-25 22:06 --------- d-----w c:\program files\File And MP3 Tag Renamer
2008-11-24 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 22:12 --------- d-----w c:\program files\Yahoo!
2008-11-24 21:48 --------- d-----w c:\program files\Kaspersky Lab
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:04 --------- d-----w c:\program files\Microsoft Silverlight
2008-04-29 02:35 56 --sh--r c:\windows\system32\B6634BD1E0.sys
2008-04-29 02:35 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-09_19.17.50.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 22:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 22:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 22:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 22:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 22:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-07-19 05:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 22:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2008-07-19 05:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 22:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 22:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 22:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 05:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 22:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-17 184320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-06-27 189440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-11 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-25 24576]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-07-26 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 13:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\yukojuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll
"midi4"= usbnp4x4.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-26 22:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 13:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 13:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 13:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2005-11-09 13:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2003-12-10 01:52 380928 c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-07-25 11:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2007-09-25 81920]
S3 MADFU003;MADFU003;c:\windows\system32\DRIVERS\MADFU003.sys [2007-09-25 69248]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\DRIVERS\mausbap.sys [2007-09-25 129408]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-12-06 15708]
S3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2006-12-06 29168]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [2007-09-25 22336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.visaomedia.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 10:02:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-11-30 10:10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 18:10:43
ComboFix2.txt 2008-12-10 03:18:29

Pre-Run: 15,628,558,336 bytes free
Post-Run: 15,638,069,248 bytes free

284 --- E O F --- 2008-11-29 07:53:29

#3 siccboy
  • Topic Starter
  • Members
  • 37 posts

Posted 01 December 2008 - 12:34 PM

bump

#4 KoanYorel
    Bleepin' Conundrum
  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 14 December 2008 - 05:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 siccboy
  • Topic Starter
  • Members
  • 37 posts

Posted 18 December 2008 - 08:09 PM

ok... here are the DDS results.

DDS (Version 1.1.0) - NTFSx86
Run by Alex at 17:03:45.01 on Thu 12/18/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1006.313 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Alex\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.visaomedia.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_08\bin\jusched.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\yukojuni.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\1hrj34kp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.visaomedia.com/
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\1hrj34kp.default\extensions\{0784cd66-62fe-4cef-abf4-f8ed9b654acc}\components\tab_effect_xpcom.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\1hrj34kp.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

============= SERVICES / DRIVERS ===============

R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-11-26 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-26 394952]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\m-audio\audiophile usb\MAUSBAPInst.exe [2007-9-25 81920]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S2 Media Serial Number Service;Media Serial Number Service;c:\program files\common files\microsoft shared\msinfo\RECYCLER.EXE [2008-12-8 738304]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
S3 MADFU003;MADFU003;c:\windows\system32\drivers\MADFU003.sys [2007-9-25 69248]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\drivers\mausbap.sys [2007-9-25 129408]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-12-6 15708]
S3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2006-12-6 29168]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [2007-9-25 22336]

=============== Created Last 30 ================

2008-11-30 17:35 <DIR> --d----- c:\program files\RogueRemover FREE
2008-11-30 10:02 <DIR> --d----- c:\temp\tn3
2008-11-30 10:01 167,976 -------- c:\windows\system32\drivers\core.cache.dsk
2008-11-30 01:22 <DIR> --d----- c:\program files\Amazon
2008-11-29 20:04 738,304 ---sh--- c:\windows\system32\_RECYCLER.EXE
2008-11-29 18:41 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-29 13:49 <DIR> --d----- c:\documents and settings\alex\.housecall6.6
2008-11-29 13:33 <DIR> --d----- c:\docume~1\alex\applic~1\TeamViewer
2008-11-29 13:33 <DIR> --d----- c:\documents and settings\alex\temp
2008-11-26 15:28 5,943,328 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-11-26 15:28 63,104 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-11-26 15:20 <DIR> --d----- c:\program files\ZoneAlarmSB
2008-11-25 14:17 <DIR> --d----- C:\cmdcons
2008-11-25 14:16 161,792 a------- c:\windows\SWREG.exe
2008-11-25 14:16 98,816 a------- c:\windows\sed.exe
2008-11-24 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-11-24 10:42 <DIR> --d----- c:\docume~1\alex\applic~1\IUpd721
2008-11-23 23:49 <DIR> --d----- c:\docume~1\alex\applic~1\NI.GSCNS
2008-11-23 23:41 86,272 a------- c:\windows\system32\drivers\acpii.sys
2008-11-23 23:41 <DIR> --d----- c:\temp\FT62
2008-11-23 23:40 <DIR> --d----- c:\windows\system32\mp
2008-11-23 23:40 <DIR> --d----- c:\windows\system32\gp2
2008-11-23 23:40 <DIR> --d----- c:\windows\system32\dim
2008-11-23 23:40 <DIR> --d----- C:\Temp
2008-11-23 23:40 29,184 a------- c:\windows\system32\MSINET.oca
2008-11-23 23:40 2,407 a------- c:\windows\system32\MSINET.DEP

==================== Find3M ====================

2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-26 15:20 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-10-24 03:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 05:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 05:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 08:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-14 23:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 02:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 02:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-23 16:46 245,408 a------- c:\windows\system32\unicows.dll
2008-04-28 18:35 56 ---shr-- c:\windows\system32\B6634BD1E0.sys
2008-04-28 18:35 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-03-02 02:59 738,304 ---sh--- c:\windows\system32\_RECYCLER.EXE

============= FINISH: 17:04:44.59 ===============

#6 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 23 December 2008 - 01:59 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please run OTViewIt; you didn't post back with the attach.txt last time. Next time please do so.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
  • OTViewIt.txt <-- will be opened
  • Extra.txt <-- will be minimized

This is the third time I ran ComboFix...... let me know if you see anything that I still need to do or fix or delete. Thanks in advance.

Please note the sticky at the beginning of this forum... DO NOT post a ComboFix log unless requested to.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • C:\Qoobox\ComboFix3.txt <-- this log
  • Description of any problems you may have.
Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy

Edited by extremeboy, 23 December 2008 - 02:03 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
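The OTViewIt report requested above is read for a handful of indicators, and the log posted later in this thread shows each of them: autostart entries whose binary carries no publisher in its version information, eight-letter random DLL names in system32 loaded through rundll32 Run keys, and a service binary (RECYCLER.EXE under a Microsoft Shared folder) carrying Hidden+System attributes. The script below is an added example, not part of this thread or of OldTimer's tool: it parses lines in OTViewIt's format and scores them on those indicators. The sample lines are copied from the log posted in this thread, with one clean Windows Defender entry for contrast; the weights and the threshold of 2 are this example's own choices, not anything OTViewIt does.

```python
"""Triage helper for OTViewIt-style log lines.

Added example; it is not part of the thread or of OldTimer's tool. It encodes
the checks a log reader applies by eye: autostart entries whose binary has no
publisher string, randomly named DLLs in system32 loaded through rundll32,
and executables carrying Hidden+System attributes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Process / service / driver line:
#   [date time | size | attrs | M] (Publisher) -- path [-- (Service [Start | State])]
FILE_RE = re.compile(
    r'^\[(?P<date>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] '
    r'\((?P<company>[^)]*)\) -- (?P<body>.+?)(?: -- \((?P<svc>[^)]*)\))?$')
# Run key / BHO / toolbar line:  <name or CLSID> ... <command or path> (Publisher)
TAIL_RE = re.compile(r'^(?P<head>.*?)(?P<body>[A-Za-z]:\\.+?) \((?P<company>[^)]*)\)$')
# First Windows path to a PE image or driver inside a command string
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe|sys)', re.I)
# Eight lowercase letters + .dll: the shape of the generated names in this log
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')


@dataclass
class Finding:
    path: str
    publisher: str
    score: int
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (publisher, body, attrs, head) for an entry line, None otherwise."""
    m = FILE_RE.match(line)
    if m:
        return m['company'].strip(), m['body'], m['attrs'], ''
    m = TAIL_RE.match(line)
    if m:
        return m['company'].strip(), m['body'], '----', m['head']
    return None


def score_line(line: str) -> Optional[Finding]:
    """Score one log line; higher means more worth a manual look."""
    parsed = parse_entry(line.strip())
    if parsed is None:
        return None
    publisher, body, attrs, head = parsed
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else body
    name = path.rsplit('\\', 1)[-1].lower()
    score, reasons = 0, []
    if not publisher:
        score += 1
        reasons.append('no publisher in version info')
        if path.lower().startswith('c:\\windows\\'):
            score += 1
            reasons.append('unattributed binary under %SystemRoot%')
        # Name shape alone is weak evidence, so it only counts without a publisher
        if RANDOM_DLL_RE.match(name):
            score += 2
            reasons.append('random-looking eight-letter DLL name')
    if 'H' in attrs and 'S' in attrs:
        score += 2
        reasons.append('Hidden+System attributes on an autostart binary')
    if 'rundll32' in head.lower():
        score += 1
        reasons.append('loaded through rundll32 from a Run key')
    return Finding(path, publisher, score, reasons)


def triage_log(text: str, threshold: int = 2) -> List[Finding]:
    """Return findings at or above threshold, most suspicious first."""
    hits = [f for f in map(score_line, text.splitlines()) if f and f.score >= threshold]
    return sorted(hits, key=lambda f: f.score, reverse=True)


# Lines copied from the OTViewIt log posted in this thread, plus a clean
# Windows Defender entry for contrast.
SAMPLE_LOG = r"""
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/03/02 02:59:16 | 00,738,304 | -HS- | M] () -- C:\Program Files\Common Files\Microsoft Shared\MSInfo\RECYCLER.EXE -- (Media Serial Number Service [Auto | Stopped])
[2008/11/23 23:41:09 | 00,086,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\acpii.sys -- (acpii [System | Running])
{6ba15638-5573-4d1b-b13a-7cbba6557fe9} (HKLM) -- C:\WINDOWS\system32\weluyiki.dll ()
"34804d63"=rundll32.exe "C:\WINDOWS\system32\losidaje.dll",b ()
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"""

if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.score}  {f.path}  [{f.publisher or "-"}]  {"; ".join(f.reasons)}')
```

Run as-is it lists the four entries a helper would query (the rundll32-loaded DLL, the BHO DLL, the hidden service binary and the unattributed driver) and leaves CFD.exe below the threshold as a "blank publisher, otherwise unremarkable" item. A blank publisher is only the version resource being empty, not a signature check, so the score is a triage aid and not a verdict; each hit still needs to be confirmed against the file itself.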

#7 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 27 December 2008 - 05:29 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed. I know it is the holidays so I will leave the topic a bit longer than usual.

Thanks for understanding.

With Regards,
Extremeboy

#8 siccboy

  • Topic Starter
  • Members
  • 37 posts

Posted 29 December 2008 - 01:18 PM

Yes, thank you..... here is OTViewIt.txt:

OTViewIt logfile created on: 12/29/2008 10:09:51 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 241.88 Mb Available Physical Memory | 24.03% Memory free
2.37 Gb Paging File | 1.66 Gb Available in Paging File | 70.11% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.23 Gb Total Space | 7.79 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGRAVEYARD
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2004/09/07 13:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2004/09/07 13:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/08/27 07:33:32 | 00,110,592 | R--- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2007/06/29 06:29:08 | 00,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
[2004/08/04 02:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2006/07/26 00:03:14 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
[2004/05/13 21:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/05/14 11:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2004/10/30 11:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/20 06:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/09/20 06:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2002/09/10 18:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2005/04/04 15:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[2006/03/17 18:24:16 | 00,184,320 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2007/06/27 06:28:44 | 00,189,440 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
[2008/07/30 09:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/09/20 06:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2006/10/22 22:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2004/08/04 02:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/05/16 06:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2004/08/04 02:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2008/10/14 23:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2005/11/09 13:40:32 | 00,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
[2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2005/04/04 15:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2003/10/28 23:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2004/08/04 02:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
[2007/05/16 06:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2008/12/18 16:19:43 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2007/05/16 06:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/19 16:51:01 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/14 23:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/29 10:09:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe
[2006/10/23 00:40:14 | 00,349,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
[2008/10/14 23:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== (O23) Win32 Services ==========

[2006/10/22 13:45:13 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/08/27 07:33:32 | 00,110,592 | R--- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/12/18 16:19:43 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2006/10/20 18:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/03 21:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 00:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/06/29 06:29:08 | 00,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe -- (MAudioAudiophileService [Auto | Running])
[2008/03/02 02:59:16 | 00,738,304 | -HS- | M] () -- C:\Program Files\Common Files\Microsoft Shared\MSInfo\RECYCLER.EXE -- (Media Serial Number Service [Auto | Stopped])
[2007/04/13 18:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 00:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/05/16 06:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2005/11/09 13:40:32 | 00,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1 [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 17:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/23 23:41:09 | 00,086,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\acpii.sys -- (acpii [System | Running])
[2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2005/07/25 11:48:58 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 20:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/07/25 11:57:36 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2004/05/26 17:18:18 | 00,044,928 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2006/03/10 13:31:02 | 00,044,224 | R--- | M] (BVRP Software) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
[2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/11/13 21:21:16 | 00,197,120 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2003/11/13 21:17:00 | 01,042,816 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/09/20 07:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/12 05:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2004/09/29 00:02:00 | 00,016,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb2.sys -- (Jukebox [On_Demand | Stopped])
[2004/08/03 20:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2007/06/27 06:27:16 | 00,069,248 | ---- | M] (M-Audio) -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003 [On_Demand | Stopped])
[2007/06/27 06:39:14 | 00,129,408 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\drivers\mausbap.sys -- (MAUSBAP [On_Demand | Stopped])
[2003/04/09 15:48:08 | 00,011,043 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/11/02 12:45:04 | 00,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2005/04/06 11:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2004/03/23 18:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5 [On_Demand | Stopped])
[2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 13:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2003/06/19 02:04:18 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/25 23:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/31 05:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2006/03/17 18:24:59 | 00,026,844 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 20:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/11/15 18:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/05/13 21:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/05/21 16:18:56 | 00,067,072 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm [On_Demand | Running])
[2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/09/14 06:11:02 | 00,015,708 | R--- | M] (MIDIMAN) -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR [On_Demand | Stopped])
[2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/07/22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 20:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2001/09/14 06:11:02 | 00,029,168 | R--- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbks1x1.sys -- (USBKS1X1 [On_Demand | Stopped])
[2007/06/27 06:27:16 | 00,022,336 | ---- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbnp4x4.sys -- (USBNP4X4 [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/10/21 17:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2003/11/13 21:18:36 | 00,679,808 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 02:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.visaomedia.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.visaomedia.com/

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{6ba15638-5573-4d1b-b13a-7cbba6557fe9} (HKLM) -- C:\WINDOWS\system32\weluyiki.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"34804d63"=rundll32.exe "C:\WINDOWS\system32\losidaje.dll",b ()
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" (Adobe Sytems Incorporated)
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
"CPM37b37eff"=Rundll32.exe "c:\windows\system32\dezubebo.dll",a ()
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
"zufakugowe"=Rundll32.exe "C:\WINDOWS\system32\kuhihihu.dll",s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zufakugowe"=Rundll32.exe "C:\WINDOWS\system32\kuhihihu.dll",s ()

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)

========== (O4) Startup Folders ==========

[2008/08/19 11:40:44 | 00,295,606 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
[2006/10/22 23:01:50 | 00,734,872 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
[2000/08/24 12:16:34 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/28 23:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2003/10/10 06:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %SystemRoot%\system32\msjava.dll [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{82774781-8F4E-11D1-AB1C-0000F8773BF0}: https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab -- DLC Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9544E61A-6761-4411-8E01-D811710D60FD} (Servers: | Description: 1394 Net Adapter)
{9D4E26F6-9024-404F-B589-70BB46F1CABA} (Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection)
{B5A06D00-5337-4FCD-B8A8-0F78CC5CE589} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\yukojuni.dll c:\windows\system32\dezubebo.dll,C:\WINDOWS\system32\rikopebo.dll
>File not found -- c:\windows\system32\yukojuni.dll
>[2008/09/29 09:31:00 | 00,063,058 | -HS- | M] () -- C:\WINDOWS\system32\rikopebo.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\dezubebo.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\dezubebo.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 10:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\Auto\command]
""=F:\RECYCLER.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 19:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\Auto\command]
""=F:\RECYCLER.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 19:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Alex\Desktop\*.tmp files]
[2008/12/29 10:09:08 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe
[2008/12/28 21:06:01 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ejadisol.ini
[2008/12/28 10:29:15 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2008/12/28 09:58:08 | 07,166,736 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\tc+berry+-+funky+guitar+(fpi+funky+mix).mp3
[2008/12/28 09:57:43 | 06,730,414 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\tc+berry+-+1991+(berry+version).mp3
[2008/12/28 09:57:34 | 07,643,122 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\tc berry - down groove.mp3
[2008/12/28 09:50:47 | 06,262,792 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\tc berry - the funk is back.mp3
[2008/12/28 09:50:35 | 06,554,508 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\tc berry - don't clear the funk.mp3
[2008/12/28 09:07:06 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ihizunad.ini
[2008/12/27 19:56:17 | 01,261,704 | -HS- | C] () -- C:\WINDOWS\System32\abosanap.ini
[2008/12/25 15:01:44 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\mobeteda.exe
[2008/12/25 09:47:07 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\DJs.doc
[2008/12/25 09:17:58 | 00,029,647 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\l_ae8b1da3e0af1a2b18395b5cc17f4730.jpg
[2008/12/24 22:33:07 | 00,052,508 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\l_3ff708673e26ddf2b5f163c4df57d601.jpg
[2008/12/24 22:23:00 | 00,075,479 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\img_9067.jpg
[2008/12/24 22:16:25 | 00,028,542 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\studio.jpg
[2008/12/24 22:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\jan10th
[2008/12/24 21:56:27 | 00,124,719 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\VM_secretcity.jpg
[2008/12/24 11:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\tryouts
[2008/12/23 11:05:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hasimire.exe
[2008/12/22 20:56:56 | 00,137,522 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.jpg
[2008/12/22 20:54:00 | 00,490,281 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.psd
[2008/12/22 17:02:56 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\jaditibi.exe
[2008/12/20 16:24:16 | 13,950,9446 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Mind Music.wav
[2008/12/20 16:11:34 | 12,563,5664 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Body Trip.wav
[2008/12/19 02:24:36 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ubebefid.ini
[2008/12/18 16:40:24 | 00,000,856 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Adobe Photoshop CS4.lnk
[2008/12/18 16:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2008/12/15 00:22:45 | 00,088,404 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\image-FDF4_49458DBF.jpg
[2008/12/14 19:12:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\gphotoart_blog
[2008/12/11 15:26:00 | 00,215,821 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\auralism_logo.eps
[2008/11/30 18:50:03 | 10,553,79456 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/30 10:33:16 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/30 10:01:58 | 00,167,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2008/11/30 01:23:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Amazon
[2008/11/30 01:22:06 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon
[2008/11/29 20:04:09 | 00,738,304 | -HS- | C] () -- C:\WINDOWS\System32\_RECYCLER.EXE
[2008/11/29 19:45:41 | 54,699,956 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\software-key.reg
[2008/11/29 18:41:19 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/29 13:33:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\TeamViewer
[2008/11/29 13:33:27 | 01,335,000 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\TeamViewerQS.exe

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Alex\My Documents\*.tmp files]
[1 C:\Documents and Settings\Alex\Desktop\*.tmp files]
[2008/12/29 10:11:07 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\pigakopi
[2008/12/29 10:09:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe
[2008/12/29 10:05:53 | 07,886,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/29 09:53:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/29 09:51:14 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/29 09:50:21 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008/12/29 09:50:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/29 09:49:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/29 09:49:53 | 10,553,79456 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/29 09:49:00 | 00,094,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/29 09:30:32 | 00,063,058 | -HS- | M] (ESET) -- C:\WINDOWS\System32\jamamafo.dll
[2008/12/28 21:38:27 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\DJs.doc
[2008/12/28 21:06:03 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ejadisol.ini
[2008/12/28 21:05:59 | 00,097,943 | -HS- | M] () -- C:\WINDOWS\System32\dezubebo.dll
[2008/12/28 21:05:59 | 00,087,098 | -HS- | M] () -- C:\WINDOWS\System32\losidaje.dll
[2008/12/28 20:52:46 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Microsoft Office Outlook 2003.lnk
[2008/12/28 10:29:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2008/12/28 10:16:36 | 06,730,414 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\tc+berry+-+1991+(berry+version).mp3
[2008/12/28 09:59:06 | 07,166,736 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\tc+berry+-+funky+guitar+(fpi+funky+mix).mp3
[2008/12/28 09:58:36 | 07,643,122 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\tc berry - down groove.mp3
[2008/12/28 09:51:23 | 06,262,792 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\tc berry - the funk is back.mp3
[2008/12/28 09:51:14 | 06,554,508 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\tc berry - don't clear the funk.mp3
[2008/12/28 09:07:28 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 09:07:06 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ihizunad.ini
[2008/12/28 09:06:59 | 00,097,920 | -HS- | M] () -- C:\WINDOWS\System32\likebowa.dll
[2008/12/28 09:06:58 | 00,087,197 | ---- | M] () -- C:\WINDOWS\System32\danuzihi.dll
[2008/12/27 19:56:34 | 01,261,704 | -HS- | M] () -- C:\WINDOWS\System32\abosanap.ini
[2008/12/27 19:56:18 | 00,063,094 | -HS- | M] () -- C:\WINDOWS\System32\jukaraso.dll
[2008/12/27 19:56:17 | 00,097,894 | -HS- | M] () -- C:\WINDOWS\System32\kijudawi.dll
[2008/12/27 19:56:17 | 00,087,167 | -HS- | M] () -- C:\WINDOWS\System32\panasoba.dll
[2008/12/27 11:24:03 | 02,351,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/26 14:51:26 | 00,169,832 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/25 15:01:44 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\mobeteda.exe
[2008/12/25 13:27:27 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Microsoft Office Word 2003.lnk
[2008/12/25 09:17:59 | 00,029,647 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\l_ae8b1da3e0af1a2b18395b5cc17f4730.jpg
[2008/12/24 22:33:07 | 00,052,508 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\l_3ff708673e26ddf2b5f163c4df57d601.jpg
[2008/12/24 22:23:00 | 00,075,479 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\img_9067.jpg
[2008/12/24 22:16:26 | 00,028,542 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\studio.jpg
[2008/12/24 21:56:27 | 00,124,719 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\VM_secretcity.jpg
[2008/12/23 11:05:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hasimire.exe
[2008/12/22 20:56:58 | 00,137,522 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.jpg
[2008/12/22 20:54:00 | 00,490,281 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.psd
[2008/12/22 17:02:56 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\jaditibi.exe
[2008/12/22 12:28:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/20 16:37:34 | 13,950,9446 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Mind Music.wav
[2008/12/20 16:24:33 | 12,563,5664 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Body Trip.wav
[2008/12/19 02:24:37 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ubebefid.ini
[2008/12/19 02:24:30 | 00,094,916 | -HS- | M] () -- C:\WINDOWS\System32\weyokupi.dll
[2008/12/19 02:24:30 | 00,087,308 | ---- | M] () -- C:\WINDOWS\System32\difebebu.dll
[2008/12/18 16:40:24 | 00,000,856 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Adobe Photoshop CS4.lnk
[2008/12/16 02:46:46 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/15 00:22:45 | 00,088,404 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\image-FDF4_49458DBF.jpg
[2008/12/13 18:58:34 | 00,129,024 | -HS- | M] () -- C:\Documents and Settings\Alex\Desktop\Thumbs.db
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 13:33:51 | 00,526,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/12 13:33:51 | 00,446,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/12 13:33:51 | 00,073,226 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/12 11:53:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 11:53:10 | 00,000,633 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/11 15:26:00 | 00,215,821 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\auralism_logo.eps
[2008/11/30 10:03:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/30 10:02:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/30 10:02:06 | 00,167,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2008/11/29 19:48:58 | 54,699,956 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\software-key.reg
[2008/11/29 13:39:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/11/29 13:33:37 | 01,335,000 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\TeamViewerQS.exe
< End of report >


extras.txt:

OTViewIt Extras logfile created on: 12/29/2008 10:09:51 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 241.88 Mb Available Physical Memory | 24.03% Memory free
2.37 Gb Paging File | 1.66 Gb Available in Paging File | 70.11% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.23 Gb Total Space | 7.79 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGRAVEYARD
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 02:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 02:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/08 10:04:44 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup
[2008/01/30 03:50:00 | 06,404,096 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
[2008/12/28 10:29:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\system32\~.exe:*:Enabled:~
[2008/12/19 16:51:01 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient
[2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2004/09/07 13:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZcfgSvc
[2007/06/27 06:28:44 | 00,189,440 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe:*:Enabled:M-AudioTaskBarIcon
[2005/04/04 15:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe:*:Enabled:VersionCueCS2Tray
[2004/08/04 02:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2004/08/04 02:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{0134A1A1-C283-4A47-91A1-92F19F960372}"=Adobe Creative Suite 2
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"=Adobe Setup
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3F96519F-E1CF-4914-8181-B06F9CD799DA}"=Audiophile USB
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{46B62454-F462-E952-0EA3-3FB1CDF552A9}"=RichFLV
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}"=Dell Support 3.1
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5AE7FCBA-A370-45CD-8503-45C2384FF54C}_is1"=Moyea Flash Video MX Std Version: 5.0.1.0
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}"=Maxtor OneTouch III
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{66C47F1B-9568-4355-9DD7-8DCC12265F73}"=Web-Based Email Tools
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6E179C77-7335-458D-9537-4F4EAC0181ED}"=Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F30B469-5ED7-4734-8252-B9BC962A2AB3}"=PCIxx20
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}"=Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}"=Macromedia Dreamweaver MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91130409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Basic Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}"=Nero 7 Ultra Edition
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC6A5A75-3493-A3C7-D01B-0E8418473028}"=Onyx-VJ
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{ADBE46EE-54E0-4610-B436-D7E93D829100}"=Adobe Version Cue CS2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}"=Dell Picture Studio v3.0
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}"=Suite Specific
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{E4848436-0345-47E2-B648-8B522FCDA623}"=Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"Ableton Live v5.0.2"=Ableton Live v5.0.2
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3"=Adobe Flex Builder 3
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8"=Adobe Photoshop CS4
"agadoo"=Enhancement Browser Tools Agadoo
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"BroadJump Client Foundation"=BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D480 MDC V.9x Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"de.benz.RichFLV.452D2865B2D5CE6F34BBFAC997E63D0882A4858D.1"=RichFLV
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"FileZilla Client"=FileZilla Client 3.0.6
"FLV Player"=FLV Player 2.0, build 24
"FriendBlasterPro_is1"=FriendBlasterPro
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}"=Maxtor OneTouch III
"InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}"=Texas Instruments PCIxx20 drivers.
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler"=Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Onyx-VJ.387BDBF683A7AEF5D5BC0EE641CD0FBA654D8EEE.1"=Onyx-VJ
"PowerISO"=PowerISO
"Product_Name"=Gradekeeper
"ProInst"=Intel® PROSet/Wireless Software
"prunnet"=Advertisement Service
"RealPlayer 6.0"=RealPlayer Basic
"Reason_is1"=Reason 3.0
"SBC.MCCInstall"=SBC Self Support Tool
"SEAGULL FTP"=SEAGULL FTP
"Steinberg Cubase SX 1.01"=Steinberg Cubase SX 1.01
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCQuickImportOL"=Constant Contact QuickImport - Outlook

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCQuickImportOL"=Constant Contact QuickImport - Outlook

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2008 5:57:01 AM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/23/2008 5:37:01 AM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/23/2008 7:21:55 PM | Computer Name = THEGRAVEYARD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/25/2008 1:15:02 PM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/26/2008 7:59:58 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 12.0.128.0, faulting
module illustrator.exe, version 12.0.128.0, fault address 0x00526a4a.

Error - 12/27/2008 3:31:02 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.0.0.456, faulting module
Acrobat.dll, version 8.0.0.456, fault address 0x003076f4.

Error - 12/27/2008 4:28:33 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module quicktimewebhelper.qtx, version 7.50.61.0, fault address 0x00007090.

Error - 12/27/2008 11:45:27 PM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/28/2008 2:10:46 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.0.0.456, faulting module
Acrobat.dll, version 8.0.0.456, fault address 0x003076f4.

Error - 12/29/2008 2:09:56 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x4359e01d.

[ System Events ]
Error - 12/26/2008 9:42:10 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/27/2008 3:24:03 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/27/2008 3:37:28 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/27/2008 11:26:17 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/27/2008 11:45:25 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/27/2008 11:45:25 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/28/2008 1:06:19 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 12:34:21 AM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 1:29:59 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 1:50:54 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.


< End of report >

#9 siccboy

  • Topic Starter
Posted 29 December 2008 - 01:27 PM

Here is the C:\Qoobox\ComboFix2.txt file. There was no ComboFix3.txt file in there.
The problems still continue with Windows Registry Defender and Windows pop-ups prompting all the time. I have been running Zone Alarm to prevent these windows from opening, so I can continue working on my stuff. I will be online every day; this last Xmas week I have been off. Thanks for your help in advance, I really appreciate getting this off. Let me know if I can give you any more info.


ComboFix 08-11-26.01 - Alex 1981-01-12 18:54:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.463 [GMT -8:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\tn3
c:\windows\system32\~.exe
c:\windows\system32\gahidumi.dll
c:\windows\system32\idosofej.ini
c:\windows\system32\iveyenut.ini
c:\windows\system32\jefosodi.dll
c:\windows\system32\nelesoye.dll
c:\windows\system32\rameruzo.dll
c:\windows\system32\tuneyevi.dll
c:\windows\system32\yukojuni.dll
c:\windows\system32\zudavuva.dll
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEDIA_SERIAL_NUMBER_SERVICE
-------\Service_Media Serial Number Service


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 19:07 . 2008-12-09 19:07 <DIR> d-------- c:\temp\tn3
2008-12-09 19:07 . 2008-12-09 19:07 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-30 17:35 . 2008-11-30 17:36 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-29 20:04 . 2008-03-02 02:59 738,304 ---hs---- c:\windows\system32\_RECYCLER.EXE
2008-11-29 18:41 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-29 13:49 . 2008-11-29 15:32 <DIR> d-------- c:\documents and settings\Alex\.housecall6.6
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\temp
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\Alex\Application Data\TeamViewer
2008-11-26 15:28 . 2008-12-09 19:09 1,677,344 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-26 15:28 . 2008-12-09 19:06 20,684 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-26 15:20 . 2008-11-26 15:20 <DIR> d-------- c:\program files\ZoneAlarmSB
2008-11-25 12:18 . 2008-11-25 12:18 <DIR> d-------- c:\program files\Alwil Software
2008-11-24 14:13 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-24 13:57 . 2008-11-24 14:12 <DIR> d-------- c:\program files\Windows Defender
2008-11-24 10:42 . 2008-11-24 10:42 <DIR> d-------- c:\documents and settings\Alex\Application Data\IUpd721
2008-11-23 23:49 . 2008-11-24 14:13 <DIR> d-------- c:\documents and settings\Alex\Application Data\NI.GSCNS
2008-11-23 23:41 . 2008-11-23 23:41 <DIR> d-------- c:\temp\FT62
2008-11-23 23:41 . 2008-11-23 23:41 86,272 --a------ c:\windows\system32\drivers\acpii.sys
2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\windows\system32\mp
2008-11-23 23:40 . 2008-11-25 13:59 <DIR> d-------- c:\windows\system32\gp2
2008-11-23 23:40 . 2008-11-24 14:13 <DIR> d-------- c:\windows\system32\dim
2008-11-23 23:40 . 2008-12-09 19:07 <DIR> d-------- C:\Temp
2008-11-23 23:40 . 2008-11-23 23:49 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 23:40 . 2008-11-23 23:49 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-20 14:51 . 2008-11-20 14:51 <DIR> d-------- c:\documents and settings\Alex\Application Data\Viewpoint
2008-11-11 10:19 . 2008-11-11 11:10 2,790 --a------ C:\nov08.html
2008-11-11 10:19 . 2008-11-11 11:03 2,532 --a------ C:\nov08old.html

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 23:42 --------- d-----w c:\documents and settings\Alex\Application Data\FileZilla
2008-11-26 23:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-11-25 22:07 --------- d-----w c:\program files\Trillian
2008-11-25 22:06 --------- d-----w c:\program files\File And MP3 Tag Renamer
2008-11-24 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 22:12 --------- d-----w c:\program files\Yahoo!
2008-11-24 21:48 --------- d-----w c:\program files\Kaspersky Lab
2008-11-07 23:57 --------- d-----w c:\program files\FriendBlasterPro
2008-11-04 19:00 --------- d-----w c:\program files\Onyx-VJ
2008-11-04 19:00 --------- d-----w c:\documents and settings\Alex\Application Data\Onyx-VJ.387BDBF683A7AEF5D5BC0EE641CD0FBA654D8EEE.1
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:04 --------- d-----w c:\program files\Microsoft Silverlight
2008-04-29 02:35 56 --sh--r c:\windows\system32\B6634BD1E0.sys
2008-04-29 02:35 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_14.35.00.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 22:22:56 385,536 ----a-w c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
+ 2008-03-02 10:59:16 738,304 --sh--w c:\windows\system32\_RECYCLER.EXE
- 2005-08-17 23:08:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-17 23:08:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-17 23:09:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 03:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-19 23:10:28 127,768 ----a-w c:\windows\system32\drivers\klif.sys
- 2008-11-13 23:31:27 424,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-30 11:45:52 470,704 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-07-09 17:05:08 796,048 ----a-w c:\windows\system32\libeay32_0.9.6l.dll
+ 2008-07-09 17:05:10 83,432 ----a-w c:\windows\system32\vsdata.dll
+ 2008-07-09 17:05:22 394,952 ----a-w c:\windows\system32\vsdatant.sys
+ 2008-07-09 17:05:10 157,160 ----a-w c:\windows\system32\vsinit.dll
+ 2008-07-09 17:05:10 103,912 ----a-w c:\windows\system32\vsmonapi.dll
+ 2008-07-09 17:05:10 275,944 ----a-w c:\windows\system32\vspubapi.dll
+ 2008-07-09 17:05:10 71,144 ----a-w c:\windows\system32\vsregexp.dll
+ 2008-07-09 17:05:12 472,552 ----a-w c:\windows\system32\vsutil.dll
+ 2008-07-09 17:05:12 46,568 ----a-w c:\windows\system32\vswmi.dll
+ 2008-07-09 17:05:12 99,816 ----a-w c:\windows\system32\vsxml.dll
+ 2008-07-09 17:05:12 83,432 ----a-w c:\windows\system32\zlcomm.dll
+ 2008-07-09 17:05:12 71,144 ----a-w c:\windows\system32\zlcommdb.dll
- 2008-04-07 16:21:44 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2008-11-26 23:20:52 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2008-07-09 17:05:06 370,208 ----a-w c:\windows\system32\ZoneLabs\av.dll
+ 2007-05-31 08:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 22:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 08:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 08:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 08:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 08:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 08:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-20 07:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll
+ 2007-12-03 22:53:58 282,624 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-20 02:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 08:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 08:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 08:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 08:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll
+ 2007-12-03 22:53:58 139,264 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-20 02:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
+ 2008-07-09 17:05:06 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
+ 2004-01-30 20:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2008-07-09 17:05:08 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2008-07-09 17:05:08 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 17:05:08 321,016 ----a-w c:\windows\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 17:05:24 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-11-27 03:25:12 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-07-09 17:05:24 26,000 ----a-w c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 17:05:24 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 17:05:24 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 17:06:26 30,184 ----a-w c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 17:06:26 30,216 ----a-w c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-02-27 11:10:26 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 11:10:28 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2008-07-09 17:05:08 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
+ 2008-01-21 16:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-02-27 11:10:32 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
+ 2008-02-27 11:10:44 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
+ 2008-07-09 17:05:10 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 17:06:26 214,528 ----a-w c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 17:06:30 3,266,040 ----a-w c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 04:59:14 503,875 ----a-w c:\windows\system32\ZoneLabs\upd_core.dll
+ 2007-10-12 00:50:32 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll
+ 2008-07-09 17:05:18 144,936 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
+ 2007-01-12 01:31:06 286,787 ----a-w c:\windows\system32\ZoneLabs\updtrsdk.dll
+ 2008-07-09 17:05:10 108,008 ----a-w c:\windows\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 17:05:10 83,432 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 17:05:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 17:05:10 2,029,032 ----a-w c:\windows\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 17:05:12 1,361,384 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 17:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-01-21 16:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2008-07-09 17:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 17:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 17:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 17:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2008-07-09 17:05:16 1,086,952 ----a-w c:\windows\system32\zpeng24.dll
+ 2006-12-02 06:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 08:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 08:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 08:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 08:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 08:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 08:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 08:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 08:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 08:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 08:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 08:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-07-09 17:05:20 75,248 ----a-w c:\windows\zllsputility.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-17 184320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-06-27 189440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-11 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-25 24576]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-07-26 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 13:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\yukojuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll
"midi4"= usbnp4x4.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-26 22:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 13:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 13:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 13:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2005-11-09 13:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2003-12-10 01:52 380928 c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-07-25 11:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2007-09-25 81920]
S3 MADFU003;MADFU003;c:\windows\system32\DRIVERS\MADFU003.sys [2007-09-25 69248]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\DRIVERS\mausbap.sys [2007-09-25 129408]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-12-06 15708]
S3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2006-12-06 29168]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [2007-09-25 22336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6ba15638-5573-4d1b-b13a-7cbba6557fe9} - c:\windows\system32\nelesoye.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.visaomedia.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 19:07:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000001BD4428DC13C9CFA6B 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-09 19:18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 03:18:24

Pre-Run: 15,946,829,824 bytes free
Post-Run: 15,955,759,104 bytes free

346 --- E O F --- 2008-11-29 07:53:29
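The log above contains the entries a responder reads first: an `AppInit_DLLs` value pointing at a random-named DLL in system32, Security Center notifications and the antivirus check overridden, the Windows Firewall profile disabled, a system-start driver (`acpii.sys`) dated inside the infection window, removable-media AutoRun handlers, and an orphaned BHO with the same eight-letter naming pattern as the DLLs ComboFix deleted earlier in this thread. The script below is an added example, not ComboFix code and not posted by anyone in the thread: it parses the "Reg Loading Points" and service lines of a ComboFix log and flags those items. The sample input is an excerpt copied from the log above; the incident date, the severity labels, the known-good allowlist and the heuristics themselves are the editor's assumptions.

```python
"""Added example (not ComboFix code, not from the thread): triage the 'Reg Loading
Points' and service lines of a ComboFix log. The rules are the editor's heuristics."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (editor's own labels)
    where: str     # registry key, service name or section
    detail: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix service line: "<start> <name>;<display>;<path> [<yyyy-mm-dd> <size>]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
# Eight random lowercase letters directly under system32: the naming pattern of the
# DLLs ComboFix deleted earlier in this thread (gahidumi, nelesoye, yukojuni, ...).
RANDOM_NAME_RE = re.compile(r"\\system32\\([a-z]{8}\.(?:dll|exe))\b", re.IGNORECASE)
KNOWN_GOOD = {"igfxtray.exe", "igfxpers.exe"}  # legitimate 8-letter names seen in this log
SECCENTER_VALUES = {"AntiVirusOverride", "AntiVirusDisableNotify", "FirewallOverride",
                    "FirewallDisableNotify", "UpdatesDisableNotify"}


def classify(line, key, incident_date):
    """Return a Finding for one log line, or None. First matching rule wins."""
    m = SERVICE_RE.match(line)
    if m:
        # A boot/system-start (R0/R1) driver dated on or after the incident is the
        # first place to look for a rootkit loader; later start types are routine.
        if m.group("start") in ("R0", "R1") and m.group("date") >= incident_date:
            return Finding("high", m.group("name"),
                           f"{m.group('start')} driver {m.group('path')} dated {m.group('date')}")
        return None
    m = VALUE_RE.match(line)
    if m:
        name, data = m.group("name"), m.group("data").strip()
        if name.lower() == "appinit_dlls" and data:
            # AppInit_DLLs is loaded into every process that maps user32.dll
            return Finding("high", key, f"AppInit_DLLs={data}")
        if key.lower().endswith("security center") and name in SECCENTER_VALUES \
                and data.endswith("00000001"):
            return Finding("medium", key, f"{name}=1 suppresses a Security Center warning")
        if "firewallpolicy" in key.lower() and name == "EnableFirewall" and data.startswith("0"):
            return Finding("medium", key, "Windows Firewall disabled for this profile")
    if "mountpoints2" in key.lower() and "AutoRun" in line:
        return Finding("low", key, "removable-media AutoRun: " + line.split(" - ", 1)[-1])
    m = RANDOM_NAME_RE.search(line)
    if m and m.group(1).lower() not in KNOWN_GOOD:
        return Finding("high", key or "(orphans)", "random-named system32 binary: " + m.group(1))
    return None


def triage(log_text, incident_date):
    """Walk a ComboFix log, tracking the current registry key; return all findings."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if line == "." or line.startswith("- - - -"):
            key = ""  # section separator: lines that follow belong to no key
        elif m:
            key = m.group("key")
        else:
            finding = classify(line, key, incident_date)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample: excerpts copied unchanged from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\yukojuni.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
S3 MADFU003;MADFU003;c:\windows\system32\DRIVERS\MADFU003.sys [2007-09-25 69248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
BHO-{6ba15638-5573-4d1b-b13a-7cbba6557fe9} - c:\windows\system32\nelesoye.dll
"""

if __name__ == "__main__":
    # Incident date is an assumption: the thread's first post is dated 30 November 2008.
    for f in triage(SAMPLE_LOG, incident_date="2008-11-01"):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

Run against the sample it reports three high findings (the AppInit_DLLs hook, the R1 driver dated 2008-11-23, the orphaned BHO DLL), four medium ones (three Security Center overrides and the disabled firewall profile) and one low (the U3 AutoRun handler). The random-name rule is a heuristic with false positives; `igfxtray.exe` and `igfxpers.exe` from the same Run key are eight-letter names too, which is why the allowlist exists, and a responder would confirm any hit against the file's version information and hash rather than the name alone.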

#10 siccboy (Topic Starter, Members, 37 posts)

Posted 29 December 2008 - 03:38 PM

I am also having pop-ups in Firefox, which is my main browser.

#11 extremeboy (Malware Response Team, 12,975 posts)

Posted 29 December 2008 - 09:21 PM

Hello.

Sorry for the delay. I'm sick...

Please re-run OTViewIt and post back with the new log. I need to see the current state of your machine.

Please post back with:
- OTViewIt logs

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 siccboy (Topic Starter, Members, 37 posts)

Posted 30 December 2008 - 12:19 AM

OTViewIt logfile created on: 12/29/2008 9:15:38 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 267.99 Mb Available Physical Memory | 26.63% Memory free
2.37 Gb Paging File | 1.69 Gb Available in Paging File | 71.44% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.23 Gb Total Space | 7.46 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGRAVEYARD
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/08/27 07:33:32 | 00,110,592 | R--- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2007/06/29 06:29:08 | 00,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
[2004/08/04 02:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2004/08/04 02:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2008/10/14 23:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2005/11/09 13:40:32 | 00,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
[2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2005/04/04 15:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2004/08/04 02:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
[2004/09/07 13:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2004/09/07 13:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2006/07/26 00:03:14 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
[2004/05/13 21:23:56 | 00,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/05/14 11:35:50 | 00,536,576 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2004/10/30 11:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/20 06:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/09/20 06:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2002/09/10 18:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2005/04/04 15:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[2006/03/17 18:24:16 | 00,184,320 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2005/09/20 06:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/06/27 06:28:44 | 00,189,440 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
[2008/07/30 09:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/10/22 22:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2004/08/04 02:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/05/16 06:27:16 | 00,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2003/10/28 23:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2007/05/16 06:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2008/12/18 16:19:43 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/05/16 06:27:38 | 01,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2008/04/23 14:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2008/10/13 11:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[2008/12/19 16:51:01 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2004/08/04 02:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/29 10:09:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/10/22 13:45:13 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/08/27 07:33:32 | 00,110,592 | R--- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2004/09/07 13:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/12/18 16:19:43 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2006/10/20 18:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/03 21:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 00:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/06/29 06:29:08 | 00,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe -- (MAudioAudiophileService [Auto | Running])
[2008/03/02 02:59:16 | 00,738,304 | -HS- | M] () -- C:\Program Files\Common Files\Microsoft Shared\MSInfo\RECYCLER.EXE -- (Media Serial Number Service [Auto | Stopped])
[2007/04/13 18:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 00:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/05/16 06:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2005/11/09 13:40:32 | 00,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1 [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/07 13:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 13:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2004/09/07 13:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2006/10/18 17:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/23 23:41:09 | 00,086,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\acpii.sys -- (acpii [System | Running])
[2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2005/07/25 11:48:58 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 20:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/07/25 11:57:36 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2004/05/26 17:18:18 | 00,044,928 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2006/03/10 13:31:02 | 00,044,224 | R--- | M] (BVRP Software) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
[2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/11/13 21:21:16 | 00,197,120 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2003/11/13 21:17:00 | 01,042,816 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/09/20 07:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/12 05:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2004/09/29 00:02:00 | 00,016,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb2.sys -- (Jukebox [On_Demand | Stopped])
[2004/08/03 20:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2007/06/27 06:27:16 | 00,069,248 | ---- | M] (M-Audio) -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003 [On_Demand | Stopped])
[2007/06/27 06:39:14 | 00,129,408 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\drivers\mausbap.sys -- (MAUSBAP [On_Demand | Stopped])
[2003/04/09 15:48:08 | 00,011,043 | R--- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/11/02 12:45:04 | 00,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2005/04/06 11:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2004/03/23 18:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5 [On_Demand | Stopped])
[2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 13:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2003/06/19 02:04:18 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/25 23:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/31 05:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2006/03/17 18:24:59 | 00,026,844 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 20:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2004/11/15 18:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/05/13 21:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/05/21 16:18:56 | 00,067,072 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm [On_Demand | Running])
[2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/09/14 06:11:02 | 00,015,708 | R--- | M] (MIDIMAN) -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR [On_Demand | Stopped])
[2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/07/22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/08/03 20:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2001/09/14 06:11:02 | 00,029,168 | R--- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbks1x1.sys -- (USBKS1X1 [On_Demand | Stopped])
[2007/06/27 06:27:16 | 00,022,336 | ---- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\drivers\usbnp4x4.sys -- (USBNP4X4 [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/10/21 17:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2003/11/13 21:18:36 | 00,679,808 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 02:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.visaomedia.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.visaomedia.com/

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{6ba15638-5573-4d1b-b13a-7cbba6557fe9} (HKLM) -- C:\WINDOWS\system32\weluyiki.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"34804d63"=rundll32.exe "C:\WINDOWS\system32\rugozeko.dll",b ()
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" (Adobe Sytems Incorporated)
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
"CPM37b37eff"=Rundll32.exe "c:\windows\system32\gemomume.dll",a ()
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
"zufakugowe"=Rundll32.exe "C:\WINDOWS\system32\kuhihihu.dll",s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zufakugowe"=Rundll32.exe "C:\WINDOWS\system32\kuhihihu.dll",s ()

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)

========== (O4) Startup Folders ==========

[2008/08/19 11:40:44 | 00,295,606 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
[2006/10/22 23:01:50 | 00,734,872 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
[2000/08/24 12:16:34 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/28 23:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2003/10/10 06:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoBandCustomize"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 22:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %SystemRoot%\system32\msjava.dll [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{82774781-8F4E-11D1-AB1C-0000F8773BF0}: https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab -- DLC Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9544E61A-6761-4411-8E01-D811710D60FD} (Servers: | Description: 1394 Net Adapter)
{9D4E26F6-9024-404F-B589-70BB46F1CABA} (Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection)
{B5A06D00-5337-4FCD-B8A8-0F78CC5CE589} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\yukojuni.dll C:\WINDOWS\system32\rikopebo.dll c:\windows\system32\gemomume.dll
>File not found -- c:\windows\system32\yukojuni.dll
>[2008/09/29 09:31:00 | 00,063,058 | -HS- | M] () -- C:\WINDOWS\system32\rikopebo.dll
>[2008/12/29 10:30:28 | 00,097,564 | -HS- | M] () -- c:\WINDOWS\system32\gemomume.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\gemomume.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\gemomume.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 10:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\Auto\command]
""=F:\RECYCLER.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fe30501-e1ba-11d7-82ef-0013ce20e2f2}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 19:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\Auto\command]
""=F:\RECYCLER.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{417b7180-8369-11dd-8a3f-0013ce20e2f2}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 19:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/29 14:08:36 | 18,773,726 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\VM_JeffreyVigilante_bodytripdemo_02.mp3
[2008/12/29 14:06:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Images
[2008/12/29 14:06:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Audio
[2008/12/29 13:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Body Trip (Loops for Marshall Remix)
[2008/12/29 13:45:57 | 57,754,016 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Body Trip (Loops for Marshall Remix).zip
[2008/12/29 10:30:32 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\okezogur.ini
[2008/12/29 10:09:08 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe
[2008/12/28 21:06:01 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ejadisol.ini
[2008/12/28 10:29:15 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2008/12/28 09:07:06 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ihizunad.ini
[2008/12/27 19:56:17 | 01,261,704 | -HS- | C] () -- C:\WINDOWS\System32\abosanap.ini
[2008/12/25 15:01:44 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\mobeteda.exe
[2008/12/25 09:47:07 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\DJs.doc
[2008/12/24 22:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\jan10th
[2008/12/24 11:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\tryouts
[2008/12/23 11:05:39 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\hasimire.exe
[2008/12/22 20:54:00 | 00,490,281 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.psd
[2008/12/22 17:02:56 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\jaditibi.exe
[2008/12/19 02:24:36 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ubebefid.ini
[2008/12/18 16:40:24 | 00,000,856 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Adobe Photoshop CS4.lnk
[2008/12/18 16:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2008/12/14 19:12:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\gphotoart_blog
[2008/12/11 15:26:00 | 00,215,821 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\auralism_logo.eps
[2008/11/30 18:50:03 | 10,553,79456 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/30 10:33:16 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/30 10:01:58 | 00,167,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2008/11/30 01:23:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Amazon
[2008/11/30 01:22:06 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Alex\My Documents\*.tmp files]
[2008/12/29 21:16:36 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\pigakopi
[2008/12/29 21:13:31 | 08,130,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/29 20:59:54 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Microsoft Office Outlook 2003.lnk
[2008/12/29 20:58:36 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/29 20:57:28 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/29 20:56:53 | 00,170,616 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/29 20:56:42 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008/12/29 20:56:21 | 02,351,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/29 20:55:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/29 20:55:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/29 20:55:22 | 10,553,79456 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/29 19:18:13 | 00,097,256 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/29 14:21:45 | 18,773,726 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\VM_JeffreyVigilante_bodytripdemo_02.mp3
[2008/12/29 13:46:15 | 57,754,016 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Jeff Vigilante - Body Trip (Loops for Marshall Remix).zip
[2008/12/29 10:30:35 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\okezogur.ini
[2008/12/29 10:30:30 | 00,085,665 | -HS- | M] () -- C:\WINDOWS\System32\rugozeko.dll
[2008/12/29 10:30:28 | 00,097,564 | -HS- | M] () -- C:\WINDOWS\System32\gemomume.dll
[2008/12/29 10:09:08 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTViewIt.exe
[2008/12/29 09:30:32 | 00,063,058 | -HS- | M] (ESET) -- C:\WINDOWS\System32\jamamafo.dll
[2008/12/28 21:38:27 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\DJs.doc
[2008/12/28 21:06:03 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ejadisol.ini
[2008/12/28 21:05:59 | 00,097,943 | -HS- | M] () -- C:\WINDOWS\System32\dezubebo.dll
[2008/12/28 10:29:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2008/12/28 09:07:28 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 09:07:06 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ihizunad.ini
[2008/12/28 09:06:59 | 00,097,920 | -HS- | M] () -- C:\WINDOWS\System32\likebowa.dll
[2008/12/28 09:06:58 | 00,087,197 | ---- | M] () -- C:\WINDOWS\System32\danuzihi.dll
[2008/12/27 19:56:34 | 01,261,704 | -HS- | M] () -- C:\WINDOWS\System32\abosanap.ini
[2008/12/27 19:56:18 | 00,063,094 | -HS- | M] () -- C:\WINDOWS\System32\jukaraso.dll
[2008/12/27 19:56:17 | 00,097,894 | -HS- | M] () -- C:\WINDOWS\System32\kijudawi.dll
[2008/12/27 19:56:17 | 00,087,167 | -HS- | M] () -- C:\WINDOWS\System32\panasoba.dll
[2008/12/25 15:01:44 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\mobeteda.exe
[2008/12/25 13:27:27 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Microsoft Office Word 2003.lnk
[2008/12/23 11:05:39 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\hasimire.exe
[2008/12/22 20:54:00 | 00,490,281 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Untitled-1gfsdg.psd
[2008/12/22 17:02:56 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\jaditibi.exe
[2008/12/22 12:28:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/19 02:24:37 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\ubebefid.ini
[2008/12/19 02:24:30 | 00,094,916 | -HS- | M] () -- C:\WINDOWS\System32\weyokupi.dll
[2008/12/19 02:24:30 | 00,087,308 | ---- | M] () -- C:\WINDOWS\System32\difebebu.dll
[2008/12/18 16:40:24 | 00,000,856 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Adobe Photoshop CS4.lnk
[2008/12/16 02:46:46 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 13:33:51 | 00,526,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/12 13:33:51 | 00,446,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/12 13:33:51 | 00,073,226 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/12 11:53:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/12 11:53:10 | 00,000,633 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/11 15:26:00 | 00,215,821 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\auralism_logo.eps
[2008/11/30 10:03:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/30 10:02:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/30 10:02:06 | 00,167,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
< End of report >
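
Added example, not part of the original post and not code from OTL/OTViewIt: a small Python triage script that applies to OTL-style log lines the three traits the malicious files in the log above share, namely hidden+system attributes on a System32 file with an empty vendor field, an eight-letter pseudo-random file name, and a load point (AppInit_DLLs, SSODL, Shared Task Scheduler, Winlogon Notify, MountPoints2 autorun) pointing at the file, and ranks each path by how many of those traits it hits. The function names triage() and suspicious(), the section list, the "eight lowercase letters" name check and the two-hit threshold are my own assumptions, not anything the tool documents; the sample lines are copied from the log above into a constructed string so the script runs offline.

```python
"""Rank file paths in an OTL/OTViewIt-style log by how many malware traits they show.

Heuristics (assumptions of this example, not rules from the OTL tool):
  1. hidden+system attributes on a System32 file with no vendor string
  2. an 8-lowercase-letter file name in System32
  3. referenced from a load point section, and extra weight if that file is missing
"""
import re

# Section banner, e.g. "========== (O20) AppInit_DLLs =========="
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# OTL file entry: [date | size | attrs | M/C] (vendor) -- path [-- [ NTFS ]]
ENTRY_RE = re.compile(
    r"^>?\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\((?P<vendor>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?: -- \[ NTFS \])?$"
)
# Drive-letter path ending in .dll/.exe, used to pull load targets out of registry value lines
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.I)
# Naming pattern shared by every malicious file in the log above: eight lowercase letters
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe|ini)$")
# OTL sections whose values Windows executes at boot, logon or drive mount (assumed list)
PERSISTENCE_SECTIONS = ("AppInit_DLLs", "Winlogon Notify", "SSODL", "Shared Task Scheduler", "MountPoints2")
SYSTEM32 = "\\windows\\system32\\"


def _note(findings, path, reason):
    """Record a reason against a path; keys are lowercased and reasons deduplicated."""
    key = path.lower()
    if key not in findings:
        findings[key] = []
        name = key.rsplit("\\", 1)[-1]
        if SYSTEM32 in key and RANDOM_NAME_RE.match(name):
            findings[key].append("8-letter pseudo-random name in System32")
    if reason not in findings[key]:
        findings[key].append(reason)


def triage(log_text):
    """Return {lowercased path: [reasons]} for every path any heuristic touched."""
    findings = {}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if any(name in section for name in PERSISTENCE_SECTIONS):
            for path in PATH_RE.findall(line):
                _note(findings, path, "referenced from " + section)
                if "File not found" in line:
                    _note(findings, path, "file missing (dangling load point)")
        entry = ENTRY_RE.match(line)
        if entry and "H" in entry["attrs"] and "S" in entry["attrs"]:
            if SYSTEM32 in entry["path"].lower() and not entry["vendor"]:
                _note(findings, entry["path"], "hidden+system in System32 with no vendor string")
    return findings


def suspicious(log_text, min_reasons=2):
    """Paths with at least min_reasons independent hits, strongest first."""
    hits = [(p, r) for p, r in triage(log_text).items() if len(r) >= min_reasons]
    return sorted(hits, key=lambda hit: (-len(hit[1]), hit[0]))


# Constructed sample: lines copied from the OTViewIt log above, blank and key lines dropped.
SAMPLE_LOG = r"""
========== (O20) AppInit_DLLs ==========
"AppInit_Dlls"=c:\windows\system32\yukojuni.dll C:\WINDOWS\system32\rikopebo.dll c:\windows\system32\gemomume.dll
>File not found -- c:\windows\system32\yukojuni.dll
>[2008/09/29 09:31:00 | 00,063,058 | -HS- | M] () -- C:\WINDOWS\system32\rikopebo.dll
>[2008/12/29 10:30:28 | 00,097,564 | -HS- | M] () -- c:\WINDOWS\system32\gemomume.dll
========== (O20) Winlogon Notify Settings ==========
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
========== (O21) SSODL Settings ==========
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\gemomume.dll ()
========== MountPoints2 ==========
""=F:\RECYCLER.EXE -- File not found
========== Files - Modified Within 30 Days ==========
[2008/12/29 10:30:30 | 00,085,665 | -HS- | M] () -- C:\WINDOWS\System32\rugozeko.dll
[2008/12/29 10:30:28 | 00,097,564 | -HS- | M] () -- C:\WINDOWS\System32\gemomume.dll
[2008/12/28 10:29:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2008/12/12 22:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2004/08/10 10:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
"""

if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, gemomume.dll ranks first (four hits: random name, hidden+system, AppInit_DLLs and SSODL), followed by rikopebo.dll and yukojuni.dll. igfxdev.dll, which Intel's graphics driver legitimately registers under Winlogon\Notify, gets a single "referenced from" hit and is reported by triage() but dropped by suspicious(). The F:\RECYCLER.EXE autorun stays in the ranked list on two hits even though the file is gone, because a load point aimed at a file that no longer exists is worth following up on its own. The heuristics are tuned to this log's family of names; a log where the malware uses vendor strings or real-looking names would need different rules.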

#13 siccboy (Topic Starter, Members, 37 posts)

Posted 30 December 2008 - 12:20 AM

OTViewIt Extras logfile created on: 12/29/2008 9:15:38 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 267.99 Mb Available Physical Memory | 26.63% Memory free
2.37 Gb Paging File | 1.69 Gb Available in Paging File | 71.44% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.23 Gb Total Space | 7.46 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEGRAVEYARD
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 02:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 02:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2005/04/04 15:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/08 10:04:44 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup
[2008/01/30 03:50:00 | 06,404,096 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
[2008/12/28 10:29:49 | 00,064,000 | ---- | M] () -- C:\WINDOWS\system32\~.exe:*:Enabled:~
[2008/12/19 16:51:01 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe:*:Enabled:zlclient
[2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2004/09/07 13:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZcfgSvc
[2007/06/27 06:28:44 | 00,189,440 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe:*:Enabled:M-AudioTaskBarIcon
[2005/04/04 15:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe:*:Enabled:VersionCueCS2Tray
[2004/08/04 02:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2004/08/04 02:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 16:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{0134A1A1-C283-4A47-91A1-92F19F960372}"=Adobe Creative Suite 2
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"=Adobe Setup
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3F96519F-E1CF-4914-8181-B06F9CD799DA}"=Audiophile USB
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{46B62454-F462-E952-0EA3-3FB1CDF552A9}"=RichFLV
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}"=Dell Support 3.1
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5AE7FCBA-A370-45CD-8503-45C2384FF54C}_is1"=Moyea Flash Video MX Std Version: 5.0.1.0
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}"=Maxtor OneTouch III
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{66C47F1B-9568-4355-9DD7-8DCC12265F73}"=Web-Based Email Tools
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6E179C77-7335-458D-9537-4F4EAC0181ED}"=Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6F30B469-5ED7-4734-8252-B9BC962A2AB3}"=PCIxx20
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}"=Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}"=Macromedia Dreamweaver MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91130409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Basic Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}"=Nero 7 Ultra Edition
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC6A5A75-3493-A3C7-D01B-0E8418473028}"=Onyx-VJ
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{ADBE46EE-54E0-4610-B436-D7E93D829100}"=Adobe Version Cue CS2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}"=Dell Picture Studio v3.0
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}"=Suite Specific
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{E4848436-0345-47E2-B648-8B522FCDA623}"=Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"Ableton Live v5.0.2"=Ableton Live v5.0.2
"Ad-Aware SE Personal"=Ad-Aware SE Personal
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3"=Adobe Flex Builder 3
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8"=Adobe Photoshop CS4
"agadoo"=Enhancement Browser Tools Agadoo
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"BroadJump Client Foundation"=BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D480 MDC V.9x Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"de.benz.RichFLV.452D2865B2D5CE6F34BBFAC997E63D0882A4858D.1"=RichFLV
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"FileZilla Client"=FileZilla Client 3.0.6
"FLV Player"=FLV Player 2.0, build 24
"FriendBlasterPro_is1"=FriendBlasterPro
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}"=Maxtor OneTouch III
"InstallShield_{6F30B469-5ED7-4734-8252-B9BC962A2AB3}"=Texas Instruments PCIxx20 drivers.
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler"=Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Onyx-VJ.387BDBF683A7AEF5D5BC0EE641CD0FBA654D8EEE.1"=Onyx-VJ
"PowerISO"=PowerISO
"Product_Name"=Gradekeeper
"ProInst"=Intel® PROSet/Wireless Software
"prunnet"=Advertisement Service
"RealPlayer 6.0"=RealPlayer Basic
"Reason_is1"=Reason 3.0
"SBC.MCCInstall"=SBC Self Support Tool
"SEAGULL FTP"=SEAGULL FTP
"Steinberg Cubase SX 1.01"=Steinberg Cubase SX 1.01
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCQuickImportOL"=Constant Contact QuickImport - Outlook

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCQuickImportOL"=Constant Contact QuickImport - Outlook

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2008 5:57:01 AM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/23/2008 5:37:01 AM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/23/2008 7:21:55 PM | Computer Name = THEGRAVEYARD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/25/2008 1:15:02 PM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/26/2008 7:59:58 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 12.0.128.0, faulting
module illustrator.exe, version 12.0.128.0, fault address 0x00526a4a.

Error - 12/27/2008 3:31:02 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.0.0.456, faulting module
Acrobat.dll, version 8.0.0.456, fault address 0x003076f4.

Error - 12/27/2008 4:28:33 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module quicktimewebhelper.qtx, version 7.50.61.0, fault address 0x00007090.

Error - 12/27/2008 11:45:27 PM | Computer Name = THEGRAVEYARD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/28/2008 2:10:46 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.0.0.456, faulting module
Acrobat.dll, version 8.0.0.456, fault address 0x003076f4.

Error - 12/29/2008 2:09:56 PM | Computer Name = THEGRAVEYARD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x4359e01d.

[ System Events ]
Error - 12/29/2008 1:29:59 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 1:50:54 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 6:24:47 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/29/2008 7:50:01 PM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.

Error - 12/29/2008 8:18:32 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 8:20:41 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 8:21:10 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 11:17:40 PM | Computer Name = THEGRAVEYARD | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/30/2008 12:55:38 AM | Computer Name = THEGRAVEYARD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.130 for the Network Card with network
address 0013CE20E2F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/30/2008 12:56:21 AM | Computer Name = THEGRAVEYARD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.


< End of report >
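A small triage helper for the "Last 10 Event Log Errors" block in the report above, written as an added example for this thread (it is not part of OTViewIt, ComboFix or the poster's log). It parses each entry into a record and flags the ones whose error code is Win32 1058 / HRESULT 0x80070422, which is ERROR_SERVICE_DISABLED: in the log above that code is why DCOM could not start wuauserv, and the same code appears as P1 in the Windows Defender mptelemetry entries. The sample block and the hostname HOST are constructed from the entries above; the MPSampleSubmission entries name the product (P7) but not the service, so the helper leaves `service` empty for them rather than guessing.

```python
"""Triage the "Last 10 Event Log Errors" block of an OTViewIt-style report.

Added example for this thread; not code from OTViewIt, ComboFix or the poster.
Win32 error 1058 is ERROR_SERVICE_DISABLED and 0x80070422 is its HRESULT form,
so both codes point at a service that has been set to Disabled.
"""
import re
from collections import Counter

# Constructed sample, modelled on the report above (hostname is a placeholder).
SAMPLE = """\
[ Application Events ]
Error - 12/21/2008 5:57:01 AM | Computer Name = HOST | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 12/27/2008 3:31:02 PM | Computer Name = HOST | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 8.0.0.456, faulting module
Acrobat.dll, version 8.0.0.456, fault address 0x003076f4.

[ System Events ]
Error - 12/29/2008 8:18:32 PM | Computer Name = HOST | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 1:29:59 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Media Serial Number Service
service to connect.
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
SERVICE_DISABLED = ("%1058", "80070422")  # Win32 1058 / HRESULT 0x80070422


def parse_events(text):
    """Return one dict per entry: section, when, host, source, id, description."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = HEADER.match(line)
        if m:
            current = dict(section=section, description="", **m.groupdict())
            current["id"] = int(current["id"])
            events.append(current)
            continue
        if not line:
            current = None  # a blank line ends the wrapped description
            continue
        if current is None:
            continue  # stray text outside an entry
        # Description lines: drop the prefix and join the wrapped continuation.
        part = line[len("Description = "):] if line.startswith("Description = ") else line
        current["description"] = (current["description"] + " " + part).strip()
    return events


def disabled_service_findings(events):
    """Flag entries whose error code says a required service is set to Disabled."""
    findings = []
    for ev in events:
        desc = ev["description"]
        if not any(code in desc for code in SERVICE_DISABLED):
            continue
        svc = re.search(r"start the service (\S+)", desc)      # DCOM 10005 names the service
        product = re.search(r"P7 ([^,]+),", desc)             # mptelemetry names the product
        findings.append({
            "when": ev["when"], "source": ev["source"], "id": ev["id"],
            "service": svc.group(1) if svc else None,
            "product": product.group(1) if product else None,
        })
    return findings


def summarize(events):
    """Count entries per (source, id) so repeated failures stand out."""
    return Counter((ev["source"], ev["id"]) for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:2d} x {src} / {eid}")
    for f in disabled_service_findings(evs):
        print("service disabled:", f)
```

Run on a real report, the `service` field tells the helper which service to re-enable (here wuauserv, Automatic Updates) before the next ComboFix pass; the counts make the repeated Media Serial Number Service timeouts, which ComboFix later removes, stand out from one-off application crashes.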

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:31 AM

Posted 31 December 2008 - 04:52 PM

Hello again.

Please uninstall the ComboFix you have right now. To do this, follow the instructions below:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
    Posted Image
  • When shown the disclaimer, Select "2"
Uninstalling ComboFix will remove all components related to Combofix.

Next please download a new copy of Combofix and run it by doing the following:

Install Recovery Console and Run ComboFix again

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important!: Please do not select the Show all checkbox during the scan.


Please post back with:
-Combofix log
-GMER Scan log
-New OTViewIt logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 siccboy

siccboy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:01:31 AM

Posted 31 December 2008 - 09:49 PM

ComboFix 08-12-30.02 - Alex 1981-01-12 18:19:54.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1006.291 [GMT -8:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alex\Application Data\IUpd721
c:\documents and settings\Alex\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Alex\Application Data\NI.GSCNS
c:\documents and settings\Alex\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Alex\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\temp\tn3
c:\windows\system32\~.exe
c:\windows\system32\abosanap.ini
c:\windows\system32\danuzihi.dll
c:\windows\system32\dezubebo.dll
c:\windows\system32\difebebu.dll
c:\windows\system32\difizavu.dll
c:\windows\system32\dim
c:\windows\system32\ehehesuv.ini
c:\windows\system32\ehihidav.ini
c:\windows\system32\ejadisol.ini
c:\windows\system32\gemomume.dll
c:\windows\system32\gp2
c:\windows\system32\hasilibo.dll
c:\windows\system32\ibedeyom.ini
c:\windows\system32\ihizunad.ini
c:\windows\system32\jamamafo.dll
c:\windows\system32\jukaraso.dll
c:\windows\system32\kijudawi.dll
c:\windows\system32\likebowa.dll
c:\windows\system32\mabafiyo.dll
c:\windows\system32\mihamake.dll
c:\windows\system32\moyedebi.dll
c:\windows\system32\mp
c:\windows\system32\mp\kstamv3.exe
c:\windows\system32\mulifadu.dll
c:\windows\system32\nibaheya.dll
c:\windows\system32\okezogur.ini
c:\windows\system32\panasoba.dll
c:\windows\system32\rugawaba.dll
c:\windows\system32\sijorera.dll
c:\windows\system32\ubebefid.ini
c:\windows\system32\udayoyad.ini
c:\windows\system32\uvazifid.ini
c:\windows\system32\vusehehe.dll
c:\windows\system32\weyokupi.dll
c:\windows\system32\yiheguku.dll
c:\windows\system32\yumifesu.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEDIA_SERIAL_NUMBER_SERVICE
-------\Service_Media Serial Number Service


((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-12 18:33 . 2009-01-12 18:33 <DIR> d-------- c:\temp\tn3
2009-01-12 18:32 . 2009-01-12 18:32 932 --------- c:\windows\system32\drivers\core.cache.dsk
2009-01-12 18:30 . 2009-01-12 18:30 2,713 ---hs---- c:\windows\system32\devajusi.exe
2009-01-12 18:30 . 2009-01-12 18:30 0 --ah----- c:\windows\system32\BITE9.tmp
2008-12-30 17:13 . 2008-12-30 17:13 2,713 ---hs---- c:\windows\system32\vovuhinu.dll
2008-12-25 15:01 . 2008-12-25 15:01 2,713 ---hs---- c:\windows\system32\mobeteda.exe
2008-12-23 11:05 . 2008-12-23 11:05 2,713 ---hs---- c:\windows\system32\hasimire.exe
2008-12-22 17:02 . 2008-12-22 17:02 2,713 ---hs---- c:\windows\system32\jaditibi.exe
2008-12-18 16:34 . 2008-12-18 16:34 <DIR> d-------- c:\program files\Adobe Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 02:35 8,701,984 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-13 02:31 103,952 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-01 01:44 --------- d-----w c:\documents and settings\Alex\Application Data\FileZilla
2008-12-19 00:36 --------- d-----w c:\program files\Common Files\Adobe
2008-11-30 09:23 --------- d-----w c:\documents and settings\Alex\Application Data\Amazon
2008-11-30 09:22 --------- d-----w c:\program files\Amazon
2008-11-29 21:33 --------- d-----w c:\documents and settings\Alex\Application Data\TeamViewer
2008-11-26 23:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-26 23:20 --------- d-----w c:\program files\ZoneAlarmSB
2008-11-26 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-11-25 22:07 --------- d-----w c:\program files\Trillian
2008-11-25 22:06 --------- d-----w c:\program files\File And MP3 Tag Renamer
2008-11-25 20:18 --------- d-----w c:\program files\Alwil Software
2008-11-24 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-24 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 22:12 --------- d-----w c:\program files\Yahoo!
2008-11-24 22:12 --------- d-----w c:\program files\Windows Defender
2008-11-24 21:48 --------- d-----w c:\program files\Kaspersky Lab
2008-11-24 07:41 86,272 ----a-w c:\windows\system32\drivers\acpii.sys
2008-11-20 22:51 --------- d-----w c:\documents and settings\Alex\Application Data\Viewpoint
2008-12-20 00:50 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:50 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:50 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:50 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:50 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-29 02:35 56 --sh--r c:\windows\system32\B6634BD1E0.sys
2008-09-19 09:22 64,000 --sha-w c:\windows\system32\bahabona.dll
1981-01-13 01:45 97,410 --sha-w c:\windows\system32\duyagawe.dll
2008-04-29 02:35 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
1981-01-13 02:17 96,013 --sha-w c:\windows\system32\maremapa.dll
2008-09-19 09:22 64,000 --sha-w c:\windows\system32\netojeke.dll
.

((((((((((((((((((((((((((((( snapshot_2008-11-30_10.10.12.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-03 09:57:49 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP2QFE\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3GDR\strmdll.dll
+ 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2006-10-19 01:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 17:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 17:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-19 02:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-19 02:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2006-08-21 15:52:08 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-14 11:09:18 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-02-20 06:51:05 282,624 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-11-12 18:28:19 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-12 19:53:14 12,288 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-12 18:28:19 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-12 19:53:14 135,168 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-12 18:28:19 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-12 19:53:14 11,264 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-12 18:28:19 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-12 19:53:14 27,136 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-12 18:28:19 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-12 19:53:14 4,096 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-12 18:28:19 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-12 19:53:14 794,624 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-12 18:28:19 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-12 19:53:15 23,040 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-12 18:28:19 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-12 19:53:14 286,720 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-12 18:28:19 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-12 19:53:14 409,600 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 1981-01-13 01:45:53 84,591 ------w c:\windows\system32\dayoyadu.dll
- 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 ------w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-21 15:52:08 246,814 ------w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-08-14 15:57:42 74,720 ----a-w c:\windows\system32\drivers\adfs.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-11-30 11:45:52 470,704 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-30 04:56:21 2,351,528 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 09:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2003-02-28 23:26:26 947,472 ----a-w c:\windows\system32\msjava.dll
+ 2008-07-31 18:16:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-11-03 16:28:50 73,226 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-12 21:33:51 73,226 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 16:28:50 446,438 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-12 21:33:51 446,438 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 17:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2003-05-05 23:47:20 129,024 ----a-w c:\windows\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2004-08-04 08:56:46 132,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2003-05-05 23:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2004-08-04 08:56:46 464,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2006-08-21 15:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 1981-01-13 02:17:46 86,109 ------w c:\windows\system32\vadihihe.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ba15638-5573-4d1b-b13a-7cbba6557fe9}]
c:\windows\system32\yiheguku.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-17 184320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-06-27 189440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-11 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-25 24576]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-07-26 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 13:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"midi1"= usbkt1x1.dll
"midi2"= usbkt1x1.dll
"midi4"= usbnp4x4.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-26 22:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 13:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 13:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 13:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2005-11-09 13:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2003-12-10 01:52 380928 c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-07-25 11:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\WINDOWS\\system32\\M-AudioTaskBarIcon.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 acpii;acpii;c:\windows\system32\drivers\acpii.sys [2008-11-23 86272]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;c:\program files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2007-09-25 81920]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 MADFU003;MADFU003;c:\windows\system32\DRIVERS\MADFU003.sys [2007-09-25 69248]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);c:\windows\system32\DRIVERS\mausbap.sys [2007-09-25 129408]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-12-06 15708]
S3 USBKS1X1;Midiman USB Keystation Midi Driver;c:\windows\system32\drivers\usbks1x1.sys [2006-12-06 29168]
S3 USBNP4X4;M-Audio Audiophile USB Midi;c:\windows\system32\drivers\usbnp4x4.sys [2007-09-25 22336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0868c9c-82a0-11dc-85dc-0013ce20e2f2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc62d8b0-8bc7-11db-83c5-0013ce20e2f2}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.visaomedia.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.visaomedia.com/
FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}\components\tab_effect_xpcom.dll
FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\1hrj34kp.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 18:33:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\ZLT04b46.TMP 256 bytes
c:\windows\TEMP\ZLT05e6d.TMP 256 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Corel\WordPerfect\12\Power Bar\P*NULL*o*NULL*w*NULL*e*NULL*r*NULL* *NULL*B*NULL*a*NULL*r*NULL* *NULL*L*NULL*a*NULL*s*NULL*t*NULL* *NULL*S*NULL*e*NULL*l*NULL*e*NULL*c*NULL*t*NULL*e*NULL*d*NULL* *NULL*-*NULL* *NULL*8*NULL**NULL* |*NULL* *NULL* *NULL* *NULL* *NULL*2*NULL**NULL* |*NULL*ź*NULL**NULL* |*NULL*Ű*NULL**NULL* |*NULL*]
@Security="Inherited"
"0Times New Roman"=hex(80000006):30
"1Century Gothic"=hex(80000006):30
"2Arial"=hex(80000006):30
"3Courier New"=hex(80000006):30
"4Comic Sans MS"=hex(80000006):30
"5Verdana"=hex(80000006):30

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\ActiveDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*▄U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\ActiveDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\ActiveDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security="Inherited"
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\ActiveDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\AvailableDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*▄U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\AvailableDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\AvailableDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security="Inherited"
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_USERS\S-1-5-21-2517991065-2239970460-3140660145-1006\Software\Intel\Display\igfxcui\Configurations\AvailableDevices\4*NULL*0*NULL*9*NULL*6*NULL*-*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL*#*NULL*-*NULL* U*NULL*O*NULL*0*NULL*c*NULL*0*NULL*2*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2517991065-2239970460-3140660145-1006
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (S-1-5-21-2517991065-2239970460-3140660145-1006)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"OperatingMode"=dword:00000001
"PrimaryDevices"=dword:00001000
"SecondaryDevices"=dword:00000000
"PrimaryMode"="1280 by 800 True Color (65 Hz)"
"SecondaryMode"=""
"LFPPanelFitting"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}*NULL*]
@Security="Inherited"
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,\
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-12 18:46:34 - machine was rebooted [Alex]
ComboFix-quarantined-files.txt 2009-01-13 02:46:31

Pre-Run: 8,538,140,672 bytes free
Post-Run: 8,641,269,760 bytes free

725 --- E O F --- 2009-01-13 02:43:00
