Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with trojan


  • This topic is locked This topic is locked
26 replies to this topic

#1 steelkobra03

steelkobra03

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 01 December 2008 - 10:37 AM

Theres A little red x shield icon in the task manager bar saying that im infected. Plus internet explorer is going crazy opening up alot of windows. Help plz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:54 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [388b5d08] rundll32.exe "C:\WINDOWS\system32\pjfsgbws.dll",b
O4 - HKLM\..\Run: [lofohumuna] Rundll32.exe "C:\WINDOWS\system32\geveyefi.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\sys_32.exe
O4 - HKUS\S-1-5-19\..\Run: [lofohumuna] Rundll32.exe "C:\WINDOWS\system32\geveyefi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lofohumuna] Rundll32.exe "C:\WINDOWS\system32\geveyefi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28AF7E4F-907D-4F16-B00D-7909259B912F}: NameServer = 85.255.112.118;85.255.112.218
O20 - AppInit_DLLs: c:\windows\system32\yaveyaju.dll c:\windows\system32\jigefima.dll uylbkn.dll,C:\WINDOWS\system32\zofufelo.dll
O22 - SharedTaskScheduler: evacuative - {4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb} - C:\WINDOWS\system32\cwegus.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

--
End of file - 8004 bytes

Edited by steelkobra03, 01 December 2008 - 10:40 AM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 07 December 2008 - 03:28 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 07 December 2008 - 09:31 PM

I am not able to run the kaspersky online scan because it says that the update has failed. I tried 3 times and even restarted my computer. The docs are attached.

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 08 December 2008 - 01:11 PM

Hi.

Please do not attach it. Please re-run it and post it here. It's easier to see that way.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 08 December 2008 - 07:38 PM

OTViewIt logfile created on: 12/8/2008 6:35:37 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pamela Perry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 68.40% Memory free
2.98 Gb Paging File | 2.78 Gb Available in Paging File | 93.13% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 55.73 Gb Free Space | 78.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMELA
Current User Name: Pamela Perry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/06/05 20:08:28 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\pnkbstra.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/07 15:43:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/03 19:50:47 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 20:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (CLTNetCnService [Auto | Stopped])
[2005/06/21 08:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [Disabled | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/06/05 20:08:28 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\pnkbstra.exe -- (PnkBstrA [Auto | Running])
File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 10:26:19 | 00,068,672 | ---- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/01/09 02:08:33 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/30 21:42:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/03/22 14:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2004/08/04 06:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/11/30 03:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/06 04:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 04:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 03:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2003/10/17 19:33:56 | 00,014,848 | ---- | M] (JEILIN Technology Corp.) -- C:\WINDOWS\System32\jl2005.ax -- (JL2005 [On_Demand | Stopped])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2005/03/09 19:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 04:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2004/08/04 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/12/01 01:46:57 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/08/10 06:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 07:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/11/03 08:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2004/08/04 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/07/24 15:21:05 | 00,682,232 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Stopped])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/04 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/04 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Running])
[2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"@"=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\asta]
""=http://astalavista.box.sk/cgi-bin/robot?srch=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\bugs]
""=http://www.thebugs.ws/search.php?id=644&q=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\proxy]
""=http://anonym.to/?http://%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"@"=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\asta]
""=http://astalavista.box.sk/cgi-bin/robot?srch=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\bugs]
""=http://www.thebugs.ws/search.php?id=644&q=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\proxy]
""=http://anonym.to/?http://%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{ef7ef0ab-bbc9-4018-b8bd-8da2be73c110} (HKLM) -- C:\WINDOWS\system32\womayovi.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"388b5d08"=rundll32.exe "C:\WINDOWS\system32\hoziroki.dll",b ()
"CPM3bb86e94"=Rundll32.exe "C:\WINDOWS\system32\yovajobe.dll",a ()
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"lofohumuna"=Rundll32.exe "C:\WINDOWS\system32\pebapehe.dll",s ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search: File not found
Backward &Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cac&hed Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Si&milar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search: File not found
Backward &Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cac&hed Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Si&milar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- Reg Error: Key does not exist or could not be opened. File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\common\ylogin.dll [] -> [2004/06/11 17:07:16 | 00,128,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\common\ylogin.dll [] -> [2004/06/11 17:07:16 | 00,128,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0000000A-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{00000161-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaud.cab -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{231B1C6E-F934-42A2-92B6-C2FEFEC24276}: C:\Program Files\Yahoo!\common\yucconfig.dll -- yucsetreg Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{639658F3-B141-4D6B-B936-226F75A5EAC3}: http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab -- CPlayFirstDinerDash2Control Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab -- CPlayFirstddfotgControl Object
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_03
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}: http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab -- CPlayFirstDinerDashControl Object
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{28AF7E4F-907D-4F16-B00D-7909259B912F} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{BDF7919A-636F-4760-98AD-E0F683B14BD1} (Servers: | Description: )
{C8136B4F-4926-4B10-AEF5-AB8A27184D37} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\yaveyaju.dll c:\windows\system32\jigefima.dll mrpiid.dll C:\WINDOWS\system32\rebawiza.dll c:\windows\system32\yovajobe.dll
>File not found -- c:\windows\system32\yaveyaju.dll
>File not found -- c:\windows\system32\jigefima.dll
>File not found --
>[2008/09/08 17:38:58 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\system32\rebawiza.dll
>[2008/12/08 17:38:53 | 00,093,748 | -HS- | M] () -- c:\WINDOWS\system32\yovajobe.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\yovajobe.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb}" (HKLM) = evacuative -- C:\WINDOWS\system32\cwegus.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\yovajobe.dll ()

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll
>File not found --
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [pause | ]
[2007/11/21 16:03:54 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf ["" | ]
[2008/12/04 19:36:03 | 00,000,004 | -HS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell\AutoRun\command]
""=E:\Install.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d8e08f4-2242-11dd-abae-00132099da49}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d8e08f4-2242-11dd-abae-00132099da49}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d8e08f4-2242-11dd-abae-00132099da49}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 18:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d8e08f4-2242-11dd-abae-00132099da49}\Shell\Open\command]
""=E:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 18:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\Open\command]
""=C:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/08 17:38:55 | 01,472,183 | -HS- | C] () -- C:\WINDOWS\System32\ikorizoh.ini
[2008/12/08 16:38:37 | 01,472,184 | -HS- | C] () -- C:\WINDOWS\System32\oyuliwey.ini
[2008/12/08 00:25:27 | 01,428,222 | -HS- | C] () -- C:\WINDOWS\System32\akepajib.ini
[2008/12/08 00:09:33 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2008/12/07 15:43:34 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe
[2008/12/07 12:24:39 | 01,428,222 | -HS- | C] () -- C:\WINDOWS\System32\epepatob.ini
[2008/12/04 18:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2008/12/02 17:42:45 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\tmjjdu.dll
[2008/12/02 17:42:44 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ofbfkfwn.dll
[2008/12/02 17:40:57 | 00,000,004 | -HS- | C] () -- C:\autorun.inf
[2008/12/02 11:07:21 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\svglblje.dll
[2008/12/02 11:07:21 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ceplcb.dll
[2008/12/01 16:16:19 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\gkxrnc.dll
[2008/12/01 16:16:18 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\geaewhwm.dll
[2008/12/01 09:33:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\HijackThis.lnk
[2008/12/01 09:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/01 09:09:20 | 13,401,33376 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/01 08:45:21 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/01 07:35:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/12/01 07:30:55 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/01 07:21:26 | 00,592,896 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\My Documents\How to use SDFix.doc
[2008/12/01 07:19:34 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\SDFix.exe
[2008/12/01 01:46:57 | 00,027,904 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/30 16:12:01 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\uylbkn.dll
[2008/11/30 16:12:00 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hjwfxmng.dll
[2008/11/28 21:55:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/28 21:55:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/28 21:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/25 21:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2008/11/25 20:20:59 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\evewukip.ini
[2008/11/16 15:55:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/15 17:46:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/11/12 08:40:07 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files - Modified Within 30 Days ==========

[72 C:\WINDOWS\System32\*.tmp files]
[2008/12/08 18:35:17 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tavojija
[2008/12/08 17:44:10 | 01,472,183 | -HS- | M] () -- C:\WINDOWS\System32\ikorizoh.ini
[2008/12/08 17:38:53 | 00,093,748 | -HS- | M] () -- C:\WINDOWS\System32\yovajobe.dll
[2008/12/08 17:38:52 | 00,087,092 | -HS- | M] () -- C:\WINDOWS\System32\hoziroki.dll
[2008/12/08 17:38:51 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\zuzifore.dll
[2008/12/08 17:38:47 | 01,472,184 | -HS- | M] () -- C:\WINDOWS\System32\oyuliwey.ini
[2008/12/08 16:38:30 | 00,093,236 | -HS- | M] (ESET) -- C:\WINDOWS\System32\jujutoji.dll
[2008/12/08 16:38:29 | 00,086,580 | ---- | M] (ESET) -- C:\WINDOWS\System32\yewiluyo.dll
[2008/12/08 16:38:29 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\nedosoye.dll
[2008/12/08 07:29:42 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/08 07:29:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/08 07:29:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/08 07:28:59 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/08 06:44:18 | 01,428,222 | -HS- | M] () -- C:\WINDOWS\System32\akepajib.ini
[2008/12/08 06:24:47 | 00,122,880 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/08 00:25:27 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\jazehode.dll
[2008/12/08 00:25:25 | 00,094,260 | -HS- | M] (ABBYY (BIT Software)) -- C:\WINDOWS\System32\litugesi.dll
[2008/12/08 00:25:23 | 00,088,628 | -HS- | M] () -- C:\WINDOWS\System32\bijapeka.dll
[2008/12/08 00:09:33 | 00,032,256 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2008/12/07 20:29:46 | 01,428,222 | -HS- | M] () -- C:\WINDOWS\System32\epepatob.ini
[2008/12/07 20:11:53 | 03,876,520 | -H-- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\IconCache.db
[2008/12/07 15:43:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe
[2008/12/07 12:24:35 | 00,087,604 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\botapepe.dll
[2008/12/07 12:24:34 | 00,093,236 | -HS- | M] () -- C:\WINDOWS\System32\jarizasu.dll
[2008/12/07 12:24:33 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\wafapume.dll
[2008/12/06 22:14:54 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\bimawoyo.dll
[2008/12/06 10:14:46 | 00,093,748 | -HS- | M] () -- C:\WINDOWS\System32\lisepeyo.dll
[2008/12/06 10:14:46 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\buwuwati.dll
[2008/12/05 16:53:07 | 00,092,724 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\togobanu.dll
[2008/12/05 16:53:07 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\veyopiho.dll
[2008/12/05 04:46:52 | 00,093,748 | -HS- | M] () -- C:\WINDOWS\System32\tifiganu.dll
[2008/12/05 04:46:52 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\lugozeji.dll
[2008/12/05 03:46:38 | 00,093,748 | -HS- | M] () -- C:\WINDOWS\System32\sunapija.dll
[2008/12/05 03:46:35 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\tomavita.dll
[2008/12/04 19:36:31 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/04 19:36:31 | 00,000,311 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2008/12/04 19:36:31 | 00,000,231 | -HS- | M] () -- C:\boot.ini
[2008/12/04 19:36:03 | 00,000,004 | -HS- | M] () -- C:\autorun.inf
[2008/12/04 15:45:55 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\vitirunu.dll
[2008/12/04 06:46:49 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\vumeburi.dll
[2008/12/04 05:46:46 | 00,094,772 | -HS- | M] () -- C:\WINDOWS\System32\hajigeme.dll
[2008/12/04 05:46:45 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\jawoloki.dll
[2008/12/04 04:46:29 | 00,094,772 | -HS- | M] () -- C:\WINDOWS\System32\hererubi.dll
[2008/12/04 04:46:29 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\pakaride.dll
[2008/12/03 16:46:13 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\rimafafu.dll
[2008/12/03 04:45:50 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\nimaboyu.dll
[2008/12/02 17:42:44 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\tmjjdu.dll
[2008/12/02 17:42:44 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\ofbfkfwn.dll
[2008/12/02 16:45:32 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\fudarepe.dll
[2008/12/02 11:07:21 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\svglblje.dll
[2008/12/02 11:07:21 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\ceplcb.dll
[2008/12/02 04:45:23 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\togehupe.dll
[2008/12/01 16:45:01 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\guduzoti.dll
[2008/12/01 16:16:19 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\gkxrnc.dll
[2008/12/01 16:16:19 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\geaewhwm.dll
[2008/12/01 09:33:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\HijackThis.lnk
[2008/12/01 08:53:44 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/12/01 08:45:21 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/01 07:21:28 | 00,592,896 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\My Documents\How to use SDFix.doc
[2008/12/01 07:19:36 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\SDFix.exe
[2008/12/01 04:44:41 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\sigubahi.dll
[2008/12/01 01:46:57 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/30 16:44:22 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\lanimaye.dll
[2008/11/30 16:12:00 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\uylbkn.dll
[2008/11/30 16:12:00 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\hjwfxmng.dll
[2008/11/30 04:44:04 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\lubujoko.dll
[2008/11/29 16:43:38 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\tazamuto.dll
[2008/11/29 15:43:28 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\deluteda.dll
[2008/11/29 14:43:19 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\doguzeri.dll
[2008/11/29 08:16:45 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\vivodiha.dll
[2008/11/29 07:16:27 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\jelulede.dll
[2008/11/29 06:16:32 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\sojevowu.dll
[2008/11/28 21:43:24 | 00,000,566 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/28 17:36:19 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\defusibo.dll
[2008/11/28 16:36:07 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\husinobe.dll
[2008/11/26 22:50:56 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\forilido.dll
[2008/11/26 21:50:41 | 00,064,052 | -HS- | M] () -- C:\WINDOWS\System32\javuyuve.dll
[2008/11/25 20:21:02 | 00,000,120 | -HS- | M] () -- C:\WINDOWS\System32\evewukip.ini
[2008/11/14 23:37:49 | 00,031,400 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/12 08:40:07 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
< End of report >

OTViewIt Extras logfile created on: 12/8/2008 6:35:37 PM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pamela Perry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 68.40% Memory free
2.98 Gb Paging File | 2.78 Gb Available in Paging File | 93.13% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 55.73 Gb Free Space | 78.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMELA
Current User Name: Pamela Perry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=1
"DoNotAllowExceptions"=1
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Documents and Settings\Quezzy\Desktop\Quezzy bleep\Quezzy apps\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/24 16:10:18 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/10/24 16:10:20 | 00,091,128 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Documents and Settings\Pamela Perry\My Documents\Queezy'z bleep\utorrent.exe:*:Enabled:µTorrent
[2008/10/13 00:09:24 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Pamela Perry\My Documents\Downloads\Doc's\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService
[2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/11/30 19:57:49 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe:*:Enabled:Ati2evxx
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32
[2008/04/13 18:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon
[2008/12/08 07:34:49 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Pamela Perry\Local Settings\Temp\jkos-Pamela Perry\binaries\ScanningProcess.exe:*:Enabled:ScanningProcess
[2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2CCBABCB-6427-4A55-B091-49864623C43F}"=Google Toolbar for Firefox
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150030}"=J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}"=Intel® Integrated Performance Primitives RTI 4.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}"=Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E7559288-223B-453C-9F06-340E3BE21E39}"=MyWay Search Assistant
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F4A47B12-4314-4020-B458-EDF1C0F90BE5}"=ATI Catalyst Control Center
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"HijackThis"=HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet"=Intel® PRO Network Adapters and Drivers
"StreetPlugin"=Learn2 Player (Uninstall Only)
"torligstmwp.zip"=torligstmwp.zip
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Wolfenstein - Enemy Territory"=Wolfenstein - Enemy Territory
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2008 1:23:08 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/4/2008 1:01:25 PM | Computer Name = PAMELA | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 10/7/2008 10:46:07 PM | Computer Name = PAMELA | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 10/29/2008 3:43:51 AM | Computer Name = PAMELA | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 11/9/2008 3:34:17 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/10/2008 12:30:50 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/11/2008 9:46:01 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/11/2008 7:09:56 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/11/2008 7:11:33 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/16/2008 6:39:40 PM | Computer Name = PAMELA | Source = Spybot - Search & Destroy | ID = 0
Description =

[ System Events ]
Error - 12/6/2008 11:37:05 PM | Computer Name = PAMELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 2:12:51 AM | Computer Name = PAMELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 2:39:39 AM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/7/2008 2:39:39 AM | Computer Name = PAMELA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 12/7/2008 2:41:09 AM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep IntelIde sdpiosys sptd

Error - 12/7/2008 3:59:05 PM | Computer Name = PAMELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 10:12:51 PM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/7/2008 10:14:20 PM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd

Error - 12/8/2008 9:29:14 AM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/8/2008 9:30:43 AM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd


< End of report >

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 08:14:54
Records in database: 1443593
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 59789
Threat name: 11
Infected objects: 35
Suspicious objects: 0
Duration of the scan: 01:44:22


File name / Threat name / Threats count
winlogon.exe\batomune.dll/winlogon.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
services.exe\batomune.dll/services.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
lsass.exe\batomune.dll/lsass.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
svchost.exe\batomune.dll/svchost.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 7
spoolsv.exe\batomune.dll/spoolsv.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
AppleMobileDeviceService.exe\batomune.dll/AppleMobileDeviceService.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
mDNSResponder.exe\batomune.dll/mDNSResponder.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
pnkbstra.exe\batomune.dll/pnkbstra.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
explorer.exe\batomune.dll/explorer.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
alg.exe\batomune.dll/alg.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
ctfmon.exe\batomune.dll/ctfmon.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
iexplore.exe\batomune.dll/iexplore.exe\batomune.dll Infected: Trojan.Win32.Inject.kyh 1
C:\Documents and Settings\Pamela Perry\Local Settings\Temp\tmp5.tmp Infected: Trojan.Win32.Small.yon 1
C:\Documents and Settings\Pamela Perry\Local Settings\Temp\tmp6.tmp Infected: Trojan.Win32.Patched.dw 1
C:\SDFix\backups\backups.zip Infected: Worm.Win32.AutoRun.nuu 1
C:\SDFix\backups\backups.zip Infected: Worm.Win32.AutoRun.tpq 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Monderb.xio 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Small.yon 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Patched.dw 2
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Small.ymw 1
C:\WINDOWS\system32\fapavifa.dll Infected: Trojan.Win32.Monder.aavx 1
C:\WINDOWS\system32\geaewhwm.dll Infected: Trojan.Win32.Monder.aaxp 1
C:\WINDOWS\system32\gkxrnc.dll Infected: Trojan.Win32.Monder.aaxp 1
C:\WINDOWS\system32\Macromed\Download\Install.exe Infected: Trojan-Dropper.Win32.Agent.aayv 1
C:\WINDOWS\system32\palifomu.dll Infected: Trojan.Win32.Monder.aavx 1
C:\WINDOWS\system32\yejoreko.dll Infected: Trojan.Win32.Monder.aavx 1
C:\WINDOWS\system32\~.exe Infected: Trojan-Downloader.Win32.Small.agvr 1
C:\WINDOWS\Temp\tmp7.tmp Infected: Worm.Win32.AutoRun.tpq 1

The selected area was scanned.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 10 December 2008 - 01:05 PM

Hello and sorry for the delay.

You have a nasy infection here including a backdoor.

Posted ImageBackdoor Threat
Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

We will continue to disinfect please follow the instructions below:


Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..


Please post back with:
-Combofix log
-GMER log
-Fresh OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 10 December 2008 - 05:08 PM

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-10 16:02:52
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk /r \??\E: autocheck autochk *sprestrt /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll
LBTWlgn@DLLName = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
Fax@ = %systemroot%\system32\fxssvc.exe
PnkBstrA@ = C:\windows\system32\PnkBstrA.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@Kernel and Hardware Abstraction Layer = KHALMNPR.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{70EA7A16-C68E-4BD3-9178-ED465FA49BAF} /**/(null) =
@{5C7ECB25-7167-407E-A3B1-C176B63BCC2C} /**/(null) =
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\windows\system32\dfshim.dll = c:\windows\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\windows\system32\dfshim.dll = c:\windows\system32\dfshim.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\common\ymmapi.dll = C:\PROGRA~1\Yahoo!\common\ymmapi.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\kbcplext.dll = C:\Program Files\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\mcplext.dll = C:\Program Files\Logitech\SetPoint\mcplext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{FE757C4C-2594-4E8C-8BA6-89F88F4B8B06} /**/(null) =

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
PicaView@ =
sqkntxtx@{2a1caf0c-4c56-498e-8e67-e5b7409c0510} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\common\ymmapi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.google.com = http://www.google.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.14 ----

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2008-12-10 16:02:52
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk /r \??\E: autocheck autochk *sprestrt /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll
LBTWlgn@DLLName = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
Fax@ = %systemroot%\system32\fxssvc.exe
PnkBstrA@ = C:\windows\system32\PnkBstrA.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@Kernel and Hardware Abstraction Layer = KHALMNPR.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{70EA7A16-C68E-4BD3-9178-ED465FA49BAF} /**/(null) =
@{5C7ECB25-7167-407E-A3B1-C176B63BCC2C} /**/(null) =
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\windows\system32\dfshim.dll = c:\windows\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\windows\system32\dfshim.dll = c:\windows\system32\dfshim.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\common\ymmapi.dll = C:\PROGRA~1\Yahoo!\common\ymmapi.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\kbcplext.dll = C:\Program Files\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\mcplext.dll = C:\Program Files\Logitech\SetPoint\mcplext.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{FE757C4C-2594-4E8C-8BA6-89F88F4B8B06} /**/(null) =

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
PicaView@ =
sqkntxtx@{2a1caf0c-4c56-498e-8e67-e5b7409c0510} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\common\ymmapi.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.google.com = http://www.google.com
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.14 ----

OTViewIt logfile created on: 12/10/2008 4:06:15 PM - Run 6
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pamela Perry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 64.99% Memory free
2.98 Gb Paging File | 2.76 Gb Available in Paging File | 92.49% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 55.21 Gb Free Space | 77.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMELA
Current User Name: Pamela Perry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/06/05 20:08:28 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\pnkbstra.exe
[2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/11/30 19:57:49 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\gmer.exe
[2005/09/20 09:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/07 15:43:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/03 19:50:47 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 20:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (CLTNetCnService [Auto | Stopped])
[2005/06/21 08:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [Disabled | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/06/05 20:08:28 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\pnkbstra.exe -- (PnkBstrA [Auto | Running])
File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/05/12 10:26:19 | 00,068,672 | ---- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/01/09 02:08:33 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/30 21:42:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/03/22 14:49:09 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2004/08/04 06:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/11/30 03:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/10 15:54:43 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/06 04:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 04:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 03:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2003/10/17 19:33:56 | 00,014,848 | ---- | M] (JEILIN Technology Corp.) -- C:\WINDOWS\System32\jl2005.ax -- (JL2005 [On_Demand | Stopped])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2005/03/09 19:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 04:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2004/08/04 06:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/12/01 01:46:57 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 06:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/08/10 06:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 07:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/11/03 08:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2004/08/04 06:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/07/24 15:21:05 | 00,682,232 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Stopped])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/04 06:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/04 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Running])
[2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"@"=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\asta]
""=http://astalavista.box.sk/cgi-bin/robot?srch=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\bugs]
""=http://www.thebugs.ws/search.php?id=644&q=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\proxy]
""=http://anonym.to/?http://%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"@"=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\asta]
""=http://astalavista.box.sk/cgi-bin/robot?srch=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\bugs]
""=http://www.thebugs.ws/search.php?id=644&q=%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\SearchURL\proxy]
""=http://anonym.to/?http://%s
" "=+
"#"=%23
"&"=%26
"?"=%3F
"+"=%2B
"="=%3D

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search: File not found
Backward &Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cac&hed Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Si&milar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search: File not found
Backward &Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cac&hed Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Si&milar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/02/14 20:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- Reg Error: Key does not exist or could not be opened. File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\common\ylogin.dll [] -> [2004/06/11 17:07:16 | 00,128,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\common\ylogin.dll [] -> [2004/06/11 17:07:16 | 00,128,216 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> [Yahoo! Services] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-531041457-996493895-2537316996-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0000000A-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{00000161-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaud.cab -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{231B1C6E-F934-42A2-92B6-C2FEFEC24276}: C:\Program Files\Yahoo!\common\yucconfig.dll -- yucsetreg Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{639658F3-B141-4D6B-B936-226F75A5EAC3}: http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab -- CPlayFirstDinerDash2Control Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab -- CPlayFirstddfotgControl Object
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_03
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}: http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.98.cab -- CPlayFirstDinerDashControl Object
Microsoft XML Parser for Java: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{28AF7E4F-907D-4F16-B00D-7909259B912F} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{BDF7919A-636F-4760-98AD-E0F683B14BD1} (Servers: | Description: )
{C8136B4F-4926-4B10-AEF5-AB8A27184D37} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [pause | ]
[2007/11/21 16:03:54 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}\Shell\AutoRun\command]
""=E:\Install.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d66f0496-74f1-11dc-ab45-00132099da49}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 18:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\Open\command]
""=C:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/10 16:04:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/10 16:02:11 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/10 16:01:27 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 16:00:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/12/10 16:00:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/10 15:54:45 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/10 15:54:43 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/10 15:54:43 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/10 15:54:43 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/10 15:54:43 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/10 15:53:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/12/10 15:46:14 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\DivX Movies.lnk
[2008/12/10 15:46:14 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\Spybot - Search & Destroy.lnk
[2008/12/10 15:46:14 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\Windows Media Player.lnk
[2008/12/10 15:46:13 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\Anti Trojan Elite.lnk
[2008/12/10 15:41:03 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/10 15:40:57 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/12/10 15:33:18 | 00,000,231 | ---- | C] () -- C:\Boot.bak
[2008/12/10 15:33:15 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/10 15:33:07 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/10 15:31:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/10 15:31:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/10 15:31:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/10 15:31:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/10 15:31:17 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/10 15:31:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/10 15:31:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/10 15:31:17 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/10 15:31:17 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/10 15:31:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/10 15:31:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/10 15:30:53 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\gmer.exe
[2008/12/10 15:29:40 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\gmer.zip
[2008/12/10 15:26:02 | 02,872,018 | R--- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\ComboFix.exe
[2008/12/07 15:43:34 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe
[2008/12/04 18:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Wolfenstein - Enemy Territory
[2008/12/01 09:33:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\HijackThis.lnk
[2008/12/01 09:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/01 09:09:20 | 13,401,33376 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/01 08:45:21 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/01 07:35:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/12/01 07:30:55 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/01 07:21:26 | 00,592,896 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\My Documents\How to use SDFix.doc
[2008/12/01 07:19:34 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Pamela Perry\Desktop\SDFix.exe
[2008/12/01 01:46:57 | 00,027,904 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/28 21:55:31 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/28 21:55:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/28 21:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/25 21:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2008/11/16 15:55:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/15 17:46:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/11/12 08:40:07 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files - Modified Within 30 Days ==========

[104 C:\WINDOWS\System32\*.tmp files]
[2008/12/10 16:04:20 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 15:58:54 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/10 15:57:36 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/10 15:56:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/10 15:56:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/10 15:56:50 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/10 15:56:04 | 04,353,616 | -H-- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\IconCache.db
[2008/12/10 15:54:43 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/10 15:54:43 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/10 15:54:43 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/10 15:46:15 | 00,000,293 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/10 15:46:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/10 15:34:03 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tavojija
[2008/12/10 15:33:18 | 00,000,301 | RHS- | M] () -- C:\boot.ini
[2008/12/10 15:29:53 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\gmer.zip
[2008/12/10 15:26:04 | 02,872,018 | R--- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\ComboFix.exe
[2008/12/10 01:33:11 | 00,125,952 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/07 15:43:34 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pamela Perry\Desktop\OTViewIt.exe
[2008/12/04 19:36:31 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/04 19:36:31 | 00,000,231 | ---- | M] () -- C:\Boot.bak
[2008/12/01 09:33:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\HijackThis.lnk
[2008/12/01 08:45:21 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/12/01 07:21:28 | 00,592,896 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\My Documents\How to use SDFix.doc
[2008/12/01 07:19:36 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Desktop\SDFix.exe
[2008/12/01 01:46:57 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/28 21:43:24 | 00,000,566 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/14 23:37:49 | 00,031,400 | ---- | M] () -- C:\Documents and Settings\Pamela Perry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/12 08:40:07 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
< End of report >

OTViewIt Extras logfile created on: 12/10/2008 4:06:15 PM - Run 6
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pamela Perry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 64.99% Memory free
2.98 Gb Paging File | 2.76 Gb Available in Paging File | 92.49% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 55.21 Gb Free Space | 77.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAMELA
Current User Name: Pamela Perry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=1
"DoNotAllowExceptions"=1
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/24 16:10:18 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/10/24 16:10:20 | 00,091,128 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/13 00:09:24 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Pamela Perry\My Documents\Downloads\Doc's\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService
[2008/11/30 19:57:49 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox
[2005/08/30 21:36:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe:*:Enabled:Ati2evxx
File not found -- C:\ComboFix\fdsv.cfexe:*:Enabled:fdsv

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}"=Macromedia Flash Player
"{098122AB-C605-4853-B441-C0A4EB359B75}"=DirectXInstallService
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2CCBABCB-6427-4A55-B091-49864623C43F}"=Google Toolbar for Firefox
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150030}"=J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}"=Intel® Integrated Performance Primitives RTI 4.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}"=Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E7559288-223B-453C-9F06-340E3BE21E39}"=MyWay Search Assistant
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F4A47B12-4314-4020-B458-EDF1C0F90BE5}"=ATI Catalyst Control Center
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"HijackThis"=HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet"=Intel® PRO Network Adapters and Drivers
"StreetPlugin"=Learn2 Player (Uninstall Only)
"torligstmwp.zip"=torligstmwp.zip
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Wolfenstein - Enemy Territory"=Wolfenstein - Enemy Territory
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2008 10:46:07 PM | Computer Name = PAMELA | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 10/29/2008 3:43:51 AM | Computer Name = PAMELA | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 11/9/2008 3:34:17 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/10/2008 12:30:50 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/11/2008 9:46:01 AM | Computer Name = PAMELA | Source = Google Update | ID = 20
Description =

Error - 11/11/2008 7:09:56 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/11/2008 7:11:33 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/16/2008 6:39:40 PM | Computer Name = PAMELA | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 12/10/2008 5:33:53 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/10/2008 5:33:53 PM | Computer Name = PAMELA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 12/7/2008 10:14:20 PM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd

Error - 12/8/2008 9:29:14 AM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/8/2008 9:30:43 AM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd

Error - 12/9/2008 12:38:16 AM | Computer Name = PAMELA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/10/2008 3:15:56 AM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/10/2008 3:17:26 AM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd

Error - 12/10/2008 5:37:33 PM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/10/2008 5:37:45 PM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd

Error - 12/10/2008 5:57:01 PM | Computer Name = PAMELA | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/10/2008 5:57:20 PM | Computer Name = PAMELA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sdpiosys sptd


< End of report >

Edited by steelkobra03, 10 December 2008 - 05:09 PM.


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 10 December 2008 - 05:18 PM

Hello.

Could you also paste the log of Combofix.txt to me as well.

please re-run GMER again and follow the instructions on running GMER using the rootkit tab.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..


From what I see you ran GMER with

Autostart scan 2008-12-10 16:02:52


What I need to see is the Rootkit scan.

Please post back with:
-Combofix log
-New GMER log with the rootkit scan.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 10 December 2008 - 06:09 PM

Ok, this is not complex but I don't see a combofix.txt, but there's a folder in the c: drive called Qoobox and inside there, there is a combofix2.txt and here is the other log you are looking for, my mistake on that.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-10 16:49:53
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Fastfat \Fat AFE75D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0x9B 0xD5 0x80 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x56 0x12 0xDA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0xDE 0xB4 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0x9B 0xD5 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x56 0x12 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0xDE 0xB4 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0x9B 0xD5 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x56 0x12 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0xDE 0xB4 0x66 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0x9B 0xD5 0x80 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x56 0x12 0xDA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0xDE 0xB4 0x66 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0x9B 0xD5 0x80 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5F 0x56 0x12 0xDA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0xDE 0xB4 0x66 ...

---- EOF - GMER 1.0.14 ----

Edited by steelkobra03, 10 December 2008 - 06:15 PM.


#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 10 December 2008 - 06:14 PM

Hello.

Ok, this is not complex but I don't see a combofix.txt but here is the other log you are looking for, my mistake on that.

No Problem, we all make mistakes sometimes :thumbsup:

Did you run Combofix?

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

If you did, the Combofix log should of poped up, if not it can be found in C:\Combofix.txt

Post back with the Combofix log.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 10 December 2008 - 06:20 PM

Yes, that was the first step I've done after I read but I guess I'll have to run it again.

#12 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 10 December 2008 - 06:28 PM

ComboFix 08-12-09.03 - Pamela Perry 2008-12-10 17:21:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.921 [GMT -6:00]
Running from: c:\documents and settings\Pamela Perry\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 16:00 . 2008-12-10 16:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-10 15:54 . 2008-12-10 16:35 345 --a------ c:\windows\gmer.ini
2008-12-10 15:41 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 15:40 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-04 18:55 . 2008-12-04 19:08 <DIR> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-12-01 09:33 . 2008-12-01 09:33 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 08:45 . 2008-12-01 08:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-01 07:35 . 2008-12-01 07:35 <DIR> d-------- c:\windows\ERUNT
2008-12-01 07:30 . 2008-12-01 09:23 <DIR> d-------- C:\SDFix
2008-12-01 01:46 . 2008-12-01 01:46 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-28 21:55 . 2008-11-29 00:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 21:55 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 21:55 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 21:28 . 2008-11-28 21:15 <DIR> d-------- c:\program files\SpywareGuard
2008-11-16 15:55 . 2008-11-16 15:56 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-15 17:46 . 2008-11-15 17:46 <DIR> d-------- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 01:17 --------- d-----w c:\program files\CCleaner
2008-11-29 03:50 --------- d-----w c:\program files\Apple Software Update
2008-11-29 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 22:36 --------- d-----w c:\program files\Common Files\Apple
2008-11-18 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-18 22:34 --------- d-----w c:\program files\iTunes
2008-11-09 02:36 --------- d-----w c:\documents and settings\Pamela Perry\Application Data\uTorrent
2008-11-09 02:22 --------- d-----w c:\program files\DivX
2008-10-30 13:58 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-30 13:53 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-30 13:50 --------- d-----w c:\documents and settings\Pamela Perry\Application Data\AVS4YOU
2008-10-30 13:50 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 18:06 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 13:40 64,052 --sha-w c:\windows\system32\sijadiro.dll.tmp
2008-09-10 13:40 64,052 --sha-w c:\windows\system32\piragobo.dll.tmp
2008-09-10 13:40 64,052 --sha-w c:\windows\system32\novituto.dll.tmp
2008-09-10 01:40 64,052 --sha-w c:\windows\system32\kadazope.dll.tmp
2008-09-10 01:40 64,052 --sha-w c:\windows\system32\hivopigi.dll.tmp
2008-09-10 01:40 64,052 --sha-w c:\windows\system32\dobiyide.dll.tmp
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-02-17 20:18 133 ---ha-w c:\documents and settings\Pamela Perry\Application Data\brara1985.sys
2007-12-01 06:55 256 ----a-w c:\documents and settings\Pamela Perry\pool.bin
2008-08-23 10:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_15.50.27.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-12-10 21:54:43 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 03:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-12-10 22:00:31 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 01:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 08:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 02:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 03:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-12-10 21:54:43 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-12-09 21:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 08:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pamela Perry^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Pamela Perry\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pamela Perry^Start Menu^Programs^Startup^Empty.pif]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2005-08-30 23:40 57344 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2005-11-21 20:59 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]
--a--c--- 2005-06-07 06:38 69632 c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a--c--- 2005-07-22 07:03 425984 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2004-08-04 05:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 06:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 06:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 06:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 10:26 26112 c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 16:10 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Pamela Perry\\My Documents\\Downloads\\Doc's\\utorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\ComboFix\\fdsv.cfexe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54631:TCP"= 54631:TCP:torrent

S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys []
S3 JL2005;JL2005A Camera; []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-10-20 33792]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}]
\Shell\AutoRun\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d66f0496-74f1-11dc-ab45-00132099da49}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FireFox -: Profile - c:\documents and settings\Pamela Perry\Application Data\Mozilla\Firefox\Profiles\og4oyofi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 17:24:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2008-12-10 17:27:11
ComboFix-quarantined-files.txt 2008-12-10 23:26:20
ComboFix2.txt 2008-12-10 21:53:09

Pre-Run: 62,942,216,192 bytes free
Post-Run: 62,924,509,184 bytes free

455 --- E O F --- 2008-12-10 22:04:32

Edited by steelkobra03, 10 December 2008 - 06:30 PM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 10 December 2008 - 06:32 PM

Hello.

Yes, that was the first step I've done after I read but I guess I'll have to run it again.

I see you edited your post in the previous posts. In this case run Combofix again then..

post me the results and see in your C:\Qoobox\ComboFix2.txt<-See if that is there.

With Regards,
Extremeboy

Edited by extremeboy, 10 December 2008 - 06:33 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:57 AM

Posted 10 December 2008 - 06:34 PM

Hello.

Oh you already posted the 2nd Combofix log, I didn't see it until I post. From the Combofix log it seems that Combofix2.txt is there.

I believe you ran Combofix twice already?

Anyways please navigate to the following folder and post back with Combofix2.txt
C:\Qoobox\Combofix2.txt

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 steelkobra03

steelkobra03
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 10 December 2008 - 07:00 PM

ComboFix 08-12-09.03 - Pamela Perry 2008-12-10 15:33:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.876 [GMT -6:00]
Running from: c:\documents and settings\Pamela Perry\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\PAMELA~2\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\PAMELA~2\LOCALS~1\Temp\tmp2.tmp
c:\windows\system\oeminfo.ini
c:\windows\system32\~.exe
c:\windows\system32\ajawibol.ini
c:\windows\system32\akepajib.ini
c:\windows\system32\avutisak.ini
c:\windows\system32\ayifebub.ini
c:\windows\system32\bijapeka.dll
c:\windows\system32\bimawoyo.dll
c:\windows\system32\botapepe.dll
c:\windows\system32\bubefiya.dll
c:\windows\system32\buwuwati.dll
c:\windows\system32\ceplcb.dll
c:\windows\system32\dayoboro.dll
c:\windows\system32\defupabo.dll
c:\windows\system32\defusibo.dll
c:\windows\system32\deluteda.dll
c:\windows\system32\dibiyowa.dll
c:\windows\system32\doguzeri.dll
c:\windows\system32\epepatob.ini
c:\windows\system32\evewukip.ini
c:\windows\system32\fapavifa.dll
c:\windows\system32\fimigoyu.dll
c:\windows\system32\fofufenu.dll
c:\windows\system32\forilido.dll
c:\windows\system32\fudarepe.dll
c:\windows\system32\gayusomi.dll
c:\windows\system32\geaewhwm.dll
c:\windows\system32\gkxrnc.dll
c:\windows\system32\goyazime.dll
c:\windows\system32\guduzoti.dll
c:\windows\system32\hajigeme.dll
c:\windows\system32\hererubi.dll
c:\windows\system32\hjwfxmng.dll
c:\windows\system32\hoziroki.dll
c:\windows\system32\husinobe.dll
c:\windows\system32\ikorizoh.ini
c:\windows\system32\inuputaj.ini
c:\windows\system32\jarizasu.dll
c:\windows\system32\jatupuni.dll
c:\windows\system32\javuyuve.dll
c:\windows\system32\jawoloki.dll
c:\windows\system32\jazehode.dll
c:\windows\system32\jelulede.dll
c:\windows\system32\jujutoji.dll
c:\windows\system32\juyobosu.dll
c:\windows\system32\kasituva.dll
c:\windows\system32\kemepiga.dll
c:\windows\system32\lanimaye.dll
c:\windows\system32\lisepeyo.dll
c:\windows\system32\litugesi.dll
c:\windows\system32\lobiwaja.dll
c:\windows\system32\lubujoko.dll
c:\windows\system32\lugozeji.dll
c:\windows\system32\luyehije.dll
c:\windows\system32\mesegahe.dll
c:\windows\system32\morazolu.dll
c:\windows\system32\nedosoye.dll
c:\windows\system32\nimaboyu.dll
c:\windows\system32\ofbfkfwn.dll
c:\windows\system32\opohifuz.ini
c:\windows\system32\oyuliwey.ini
c:\windows\system32\pabevajo.dll
c:\windows\system32\pakaride.dll
c:\windows\system32\palifomu.dll
c:\windows\system32\Process.exe
c:\windows\system32\ratisobe.dll
c:\windows\system32\rimafafu.dll
c:\windows\system32\riyadipo.dll
c:\windows\system32\ruhegozi.dll
c:\windows\system32\segivuva.dll
c:\windows\system32\sigubahi.dll
c:\windows\system32\sojevowu.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sunapija.dll
c:\windows\system32\svglblje.dll
c:\windows\system32\takoyevi.dll
c:\windows\system32\tazamuto.dll
c:\windows\system32\tifiganu.dll
c:\windows\system32\tmjjdu.dll
c:\windows\system32\togehupe.dll
c:\windows\system32\togobanu.dll
c:\windows\system32\tomavita.dll
c:\windows\system32\uylbkn.dll
c:\windows\system32\veyopiho.dll
c:\windows\system32\vitirunu.dll
c:\windows\system32\vivodiha.dll
c:\windows\system32\vumeburi.dll
c:\windows\system32\wafapume.dll
c:\windows\system32\wayomora.dll
c:\windows\system32\yajosofo.dll
c:\windows\system32\yejoreko.dll
c:\windows\system32\yewiluyo.dll
c:\windows\system32\yovajobe.dll
c:\windows\system32\zohijiho.dll
c:\windows\system32\zufihopo.dll
c:\windows\system32\zupikure.dll
c:\windows\system32\zuzifore.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALFACLEANERSERVICE
-------\Legacy_I386P


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 15:38 . 2008-12-10 15:40 <DIR> d-------- c:\windows\LastGood
2008-12-04 18:55 . 2008-12-04 19:08 <DIR> d-------- c:\program files\Wolfenstein - Enemy Territory
2008-12-01 09:33 . 2008-12-01 09:33 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 08:45 . 2008-12-01 08:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-01 07:35 . 2008-12-01 07:35 <DIR> d-------- c:\windows\ERUNT
2008-12-01 07:30 . 2008-12-01 09:23 <DIR> d-------- C:\SDFix
2008-12-01 01:46 . 2008-12-01 01:46 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-28 21:55 . 2008-11-29 00:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 21:55 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 21:55 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 21:28 . 2008-11-28 21:15 <DIR> d-------- c:\program files\SpywareGuard
2008-11-16 15:55 . 2008-11-16 15:56 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-15 17:46 . 2008-11-15 17:46 <DIR> d-------- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 01:17 --------- d-----w c:\program files\CCleaner
2008-11-29 03:50 --------- d-----w c:\program files\Apple Software Update
2008-11-29 03:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 22:36 --------- d-----w c:\program files\Common Files\Apple
2008-11-18 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-18 22:34 --------- d-----w c:\program files\iTunes
2008-11-09 02:36 --------- d-----w c:\documents and settings\Pamela Perry\Application Data\uTorrent
2008-11-09 02:22 --------- d-----w c:\program files\DivX
2008-10-30 13:58 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-30 13:53 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-30 13:50 --------- d-----w c:\documents and settings\Pamela Perry\Application Data\AVS4YOU
2008-10-30 13:50 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-02-17 20:18 133 ---ha-w c:\documents and settings\Pamela Perry\Application Data\brara1985.sys
2007-12-01 06:55 256 ----a-w c:\documents and settings\Pamela Perry\pool.bin
2008-08-23 10:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pamela Perry^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Pamela Perry\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pamela Perry^Start Menu^Programs^Startup^Empty.pif]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adtech2006
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axis love poll lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bron-Spizaetus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dale Link
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lspins
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Logon Process
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms03657575948
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\timessquare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webrebates
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer 2005
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer2005
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2005-08-30 23:40 57344 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2005-11-21 20:59 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]
--a--c--- 2005-06-07 06:38 69632 c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a--c--- 2005-07-22 07:03 425984 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2004-08-04 05:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 05:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 06:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 06:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 06:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a--c--- 2004-11-11 10:26 26112 c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 16:10 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Pamela Perry\\My Documents\\Downloads\\Doc's\\utorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\ComboFix\\fdsv.cfexe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54631:TCP"= 54631:TCP:torrent

S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys []
S3 JL2005;JL2005A Camera; []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-10-20 33792]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-01 27904]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5a4e32-3a2c-11dc-ab2b-00132099da49}]
\Shell\AutoRun\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d66f0496-74f1-11dc-ab45-00132099da49}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{ef7ef0ab-bbc9-4018-b8bd-8da2be73c110} - c:\windows\system32\fofufenu.dll
SharedTaskScheduler-{4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb} - c:\windows\system32\cwegus.dll
SafeBoot-inS40.sys
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-kdcbj - c:\windows\system32\kdcbj.exe
MSConfigStartUp-CaAvTray - c:\program files\Yahoo!\Antivirus\CAVTray.exe
MSConfigStartUp-CAVRID - c:\program files\Yahoo!\Antivirus\CAVRID.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-igfxtray - c:\windows\system32\igfxtray.exe
MSConfigStartUp-lofohumuna - c:\windows\system32\gosezale.dll
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe
MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
MSConfigStartUp-Microsoft Windows Session Manager Subsystem - c:\windows\smss.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-Run - c:\windows\inet20003\services.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-Tok-Cirrhatus - c:\documents and settings\Pamela Perry\Local Settings\Application Data\smss.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
MSConfigStartUp-xp_system - c:\windows\inet20003\services.exe
MSConfigStartUp-YBrowser - c:\progra~1\Yahoo!\browser\ybrwicon.exe
MSConfigStartUp-ymetray - c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
MSConfigStartUp-26 - (no file)
MSConfigStartUp-26.tmp - (no file)
MSConfigStartUp-27 - (no file)
MSConfigStartUp-27.tmp - (no file)
MSConfigStartUp-intell321 - (no file)
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FireFox -: Profile - c:\documents and settings\Pamela Perry\Application Data\Mozilla\Firefox\Profiles\og4oyofi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 15:46:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\adsldpc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\pnkbstra.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-12-10 15:53:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 21:51:54

Pre-Run: 59,540,918,272 bytes free
Post-Run: 59,358,937,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /noexecute=alwayoff /fastdetect

419 --- E O F --- 2008-10-24 21:01:15




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users