Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan. Vundo. H (maybe winloggn?)


  • This topic is locked This topic is locked
34 replies to this topic

#1 blakeinkzoo

blakeinkzoo

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 14 December 2008 - 11:17 PM

It started with many pop ups and warnings from my spyware protection. I had many Trojans of the Vundo variety. I got rid of most of them using Spybot S&D, Trend Micro, and finially Malwarebytes, but I have one that I can't get rid of.
Malwarebytes' Anti-Malware 1.31 says this in my MBAM log-

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac72c2b1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

in RunAlyzer it looks like this- ac72c2b1 rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll"b

After a reboot I run Malwarebytes and it is still there. How can I get rid of or fix this?

***Also I have two entries that I believe that I should also destroy. Should I? (listed below)

the entries are xsjfn83jkemfofght C:\DOCUME~1PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe

and they are located at

HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. ***

I have tried the jump to the path option to delete all three of these through Malwarebytes and RunAlyzer with no success.


I also get a box when Windows XP first loads that says-

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.

I ran Vundo fix and it stated that I had no infections. Then I ran malwarebytes and it found the Vundo. H. I then hit remove button. I confirmed that it was removed with runalyzer. Upon a reboot (running windows XP) I got the same warning

RUNDLL
Error loading C:\WINDOW|system32\osjmftcp.dll
The specified module could not be found.

I scanned with Malwarebytes and it found the Trojan Vundo H again/still. I am really bleeping sick of this. :thumbsup:

Please help

here are the two logs from RIST

info.txt logfile of random's system information tool 1.04 2008-12-14 23:02:00

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32-->MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Bookworm (remove only)-->"C:\Program Files\Yahoo! Games\Bookworm\Uninstall.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 924-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Google AFE-->regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Office Animation Runtime-->MsiExec.exe /X{AEEB3643-71DE-414d-9E3F-1159177FE211}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
RunAlyzer-->"C:\Program Files\Spybot - Search & Destroy\RunAlyzer\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [ac72c2b1] rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll",b
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [ac72c2b1] rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll",b

======Hosts File======

127.0.0.1 www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 www.thepiratebay.org
127.0.0.1 www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com

======Security center information======

AV: Trend Micro AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Pimp daddy B. Slim at 2008-12-14 23:01:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (23%) free of 52 GB
Total RAM: 503 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:52 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pimp daddy B. Slim\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pimp daddy B. Slim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {11863B57-01DF-453D-ACF6-A9346349383F} - (no file)
O2 - BHO: (no name) - {269A57BF-2A56-435C-9189-3793C5B65E22} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {cb010e42-47f3-4860-80b0-cce1cf55ce15} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [ac72c2b1] rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll",b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228341537625
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8276 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11863B57-01DF-453D-ACF6-A9346349383F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{269A57BF-2A56-435C-9189-3793C5B65E22}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb010e42-47f3-4860-80b0-cce1cf55ce15}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2005-09-08 8192]
"dlccmon.exe"=C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-07-22 425984]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"xsjfn83jkemfofght"=C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe []
"ac72c2b1"=C:\WINDOWS\system32\osjmftcp.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"xsjfn83jkemfofght"=C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ab751e-f04e-11db-970e-001422e9caca}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656b0bd-c578-11db-96eb-001422e9caca}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-14 23:01:28 ----D---- C:\rsit
2008-12-13 03:31:07 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2008-12-13 03:30:42 ----D---- C:\WINDOWS\system32\Cache
2008-12-13 03:27:51 ----D---- C:\Inetpub
2008-12-13 02:22:15 ----D---- C:\VundoFix Backups
2008-12-13 02:22:15 ----A---- C:\VundoFix.txt
2008-12-12 04:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 04:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 04:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 23:51:18 ----D---- C:\Config.Msi
2008-12-11 17:04:28 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-12-11 17:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 01:08:48 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Malwarebytes
2008-12-11 01:08:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-11 01:08:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-10 06:22:30 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-10 06:22:30 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-10 05:52:40 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Mozilla
2008-12-09 21:56:02 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Sun
2008-12-05 01:33:05 ----A---- C:\WINDOWS\DCEBoot.exe
2008-12-04 00:58:52 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\AdobeUM
2008-12-03 23:50:11 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Move Networks
2008-12-03 22:14:03 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Intel
2008-12-03 22:06:41 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Macromedia
2008-12-03 22:06:39 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Adobe
2008-12-03 21:47:47 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Google
2008-12-03 20:03:15 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\vlc
2008-12-03 18:49:14 ----D---- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Microsoft
2008-12-03 17:50:56 ----A---- C:\WINDOWS\system32\a75106cf-.txt
2008-12-03 17:42:33 ----A---- C:\WINDOWS\system32\jse783hfgfffe.dll
2008-11-29 16:44:36 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-11-29 16:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2008-11-29 16:42:31 ----D---- C:\Program Files\Microsoft
2008-11-29 16:42:00 ----D---- C:\Program Files\Windows Live
2008-11-29 16:23:11 ----D---- C:\Program Files\Common Files\Windows Live
2008-11-25 19:41:52 ----D---- C:\WINDOWS\Google Earth Pro 4.2
2008-11-25 17:58:14 ----D---- C:\unknown dwnlds
2008-11-25 17:10:17 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-21 19:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-21 19:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-20 16:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-20 16:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-20 16:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-20 16:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-20 16:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-20 16:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-20 16:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-20 16:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-20 16:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-20 16:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-20 16:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-20 16:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-20 16:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-20 16:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-20 16:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-20 16:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-20 16:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-20 15:59:46 ----A---- C:\WINDOWS\setuplog.txt
2008-11-20 15:57:45 ----D---- C:\WINDOWS\system32\scripting
2008-11-20 15:57:44 ----D---- C:\WINDOWS\l2schemas
2008-11-20 15:57:42 ----D---- C:\WINDOWS\system32\en
2008-11-20 15:57:40 ----D---- C:\WINDOWS\system32\bits
2008-11-20 15:51:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-20 15:39:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-19 03:45:34 ----D---- C:\Program Files\MpcStar
2008-11-19 02:59:26 ----D---- C:\Downloads
2008-11-19 02:58:34 ----D---- C:\Program Files\BitComet
2008-11-18 13:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-18 13:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-17 21:22:47 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-17 21:22:40 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-17 21:22:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-17 21:22:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-17 21:22:08 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-17 21:22:07 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-17 21:21:52 ----N---- C:\WINDOWS\system32\staxmem.dll
2008-11-17 21:21:46 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-17 21:21:43 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-17 21:21:42 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-17 21:21:41 ----A---- C:\WINDOWS\system32\snmptrap.exe
2008-11-17 21:21:41 ----A---- C:\WINDOWS\system32\snmpmib.dll
2008-11-17 21:21:40 ----A---- C:\WINDOWS\system32\snmp.exe
2008-11-17 21:21:40 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-17 21:21:38 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-17 21:21:38 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-17 21:21:38 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-17 21:21:38 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-17 21:21:38 ----N---- C:\WINDOWS\slrundll.exe
2008-11-17 21:21:37 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-17 21:21:30 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-17 21:21:18 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-17 21:21:11 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-17 21:21:08 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-17 21:21:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-17 21:21:02 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-17 21:21:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-17 21:21:02 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-17 21:20:58 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-17 21:20:50 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-17 21:20:15 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-17 21:20:15 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-17 21:20:15 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-17 21:20:13 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-17 21:20:12 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-17 21:20:11 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-17 21:20:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-17 21:20:06 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-17 21:20:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-17 21:19:24 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-17 21:19:23 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-17 21:19:23 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-17 21:19:23 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-17 21:19:17 ----A---- C:\WINDOWS\system32\lprmon.dll
2008-11-17 21:19:17 ----A---- C:\WINDOWS\system32\lpdsvc.dll
2008-11-17 21:19:13 ----A---- C:\WINDOWS\system32\lmmib2.dll
2008-11-17 21:19:00 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-17 21:18:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-17 21:18:58 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-17 21:18:58 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-17 21:18:57 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-17 21:18:57 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-17 21:18:26 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-17 21:18:13 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-17 21:18:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-17 21:18:10 ----A---- C:\WINDOWS\system32\hostmib.dll
2008-11-17 21:18:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-17 21:18:00 ----A---- C:\WINDOWS\002979_.tmp
2008-11-17 21:17:59 ----A---- C:\WINDOWS\system32\evntwin.exe
2008-11-17 21:17:59 ----A---- C:\WINDOWS\system32\evntcmd.exe
2008-11-17 21:17:58 ----A---- C:\WINDOWS\system32\evntagnt.dll
2008-11-17 21:17:57 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-17 21:17:57 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-17 21:17:57 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-17 21:17:57 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-17 21:17:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-17 21:17:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-17 21:17:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-17 21:17:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-17 21:17:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-17 21:17:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-17 21:17:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-17 21:17:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-17 21:17:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-17 21:17:48 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-17 21:17:48 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-17 21:17:46 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-17 21:17:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-17 21:17:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-17 21:17:38 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-17 21:17:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-17 21:17:25 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-17 21:17:24 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-17 21:17:21 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-17 21:17:20 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-17 21:17:20 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-17 21:17:19 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-17 21:17:18 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-17 21:17:18 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-17 21:17:18 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-17 21:17:05 ----N---- C:\WINDOWS\system32\admwprox.dll
2008-11-17 21:17:03 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-17 21:17:02 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 1 months======

2008-12-14 23:01:36 ----D---- C:\WINDOWS\Prefetch
2008-12-14 22:44:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 20:27:27 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 20:10:04 ----D---- C:\WINDOWS\system32
2008-12-14 17:06:09 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2008-12-14 17:06:08 ----D---- C:\WINDOWS\TEMP
2008-12-14 17:06:08 ----D---- C:\WINDOWS\Registration
2008-12-14 17:06:00 ----D---- C:\WINDOWS
2008-12-14 05:29:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 03:52:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-13 03:38:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 03:38:06 ----D---- C:\WINDOWS\Help
2008-12-13 03:38:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-13 03:38:03 ----D---- C:\Program Files\Online Services
2008-12-13 03:37:50 ----D---- C:\WINDOWS\Cursors
2008-12-13 03:37:44 ----D---- C:\Program Files\Windows NT
2008-12-13 03:37:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-13 03:35:23 ----D---- C:\WINDOWS\addins
2008-12-13 03:35:14 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-13 03:32:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 03:28:27 ----D---- C:\WINDOWS\security
2008-12-13 03:19:34 ----HD---- C:\WINDOWS\inf
2008-12-13 03:19:34 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-13 03:12:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 01:35:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-12 22:00:31 ----D---- C:\Program Files\Trend Micro
2008-12-12 04:33:31 ----D---- C:\Program Files\Internet Explorer
2008-12-12 04:33:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 23:51:20 ----D---- C:\Program Files\Microsoft Works
2008-12-11 23:51:18 ----SHD---- C:\WINDOWS\Installer
2008-12-11 23:50:18 ----D---- C:\WINDOWS\system32\Restore
2008-12-11 17:04:28 ----D---- C:\Program Files
2008-12-11 02:35:13 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 01:31:02 ----SD---- C:\WINDOWS\Tasks
2008-12-10 17:55:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 05:56:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 05:46:28 ----D---- C:\WINDOWS\system32\Sys52Data
2008-12-10 03:56:27 ----D---- C:\WINDOWS\WinSxS
2008-12-09 23:19:45 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-09 21:46:46 ----D---- C:\Program Files\Dl_cats
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 21:24:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 21:24:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 18:45:58 ----D---- C:\Documents and Settings
2008-11-29 22:48:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 17:47:48 ----RSD---- C:\WINDOWS\assembly
2008-11-29 16:52:57 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-29 16:41:49 ----RSD---- C:\WINDOWS\Fonts
2008-11-29 16:41:28 ----D---- C:\WINDOWS\pchealth
2008-11-29 16:23:11 ----D---- C:\Program Files\Common Files
2008-11-23 20:01:26 ----D---- C:\WINDOWS\network diagnostic
2008-11-20 16:15:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-20 16:10:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-20 16:10:50 ----D---- C:\WINDOWS\AppPatch
2008-11-20 16:05:27 ----D---- C:\Program Files\Messenger
2008-11-20 15:58:23 ----D---- C:\WINDOWS\ime
2008-11-20 15:57:47 ----D---- C:\WINDOWS\system32\usmt
2008-11-20 15:57:47 ----D---- C:\WINDOWS\system32\en-US
2008-11-20 15:57:40 ----D---- C:\WINDOWS\PeerNet
2008-11-20 15:57:40 ----D---- C:\Program Files\Movie Maker
2008-11-20 15:50:46 ----D---- C:\WINDOWS\system32\npp
2008-11-20 15:50:46 ----D---- C:\WINDOWS\mui
2008-11-20 15:50:43 ----D---- C:\WINDOWS\msagent
2008-11-20 15:50:41 ----D---- C:\WINDOWS\srchasst
2008-11-20 15:50:39 ----D---- C:\Program Files\NetMeeting
2008-11-20 15:50:37 ----D---- C:\WINDOWS\system32\Com
2008-11-20 15:50:31 ----D---- C:\Program Files\Outlook Express
2008-11-20 15:50:26 ----D---- C:\Program Files\Common Files\System
2008-11-20 15:50:03 ----D---- C:\WINDOWS\system32\oobe
2008-11-20 15:49:59 ----D---- C:\WINDOWS\system
2008-11-20 15:45:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-20 15:38:56 ----D---- C:\WINDOWS\ehome
2008-11-19 03:47:16 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-06 17056]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-03-13 1174152]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-09 138168]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

Thank you for any help that can be provided.

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 20 December 2008 - 05:38 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 21 December 2008 - 09:08 PM

Hello EB. My name is Blake. No need for an apology, I appreciate the help. Thank you very much.

OTViewIt logfile created on: 12/21/2008 4:24:01 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 70.87 Mb Available Physical Memory | 14.08% Memory free
1.20 Gb Paging File | 0.71 Gb Available in Paging File | 59.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.36 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/10/14 21:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/10/14 21:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2005/10/14 21:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/07/22 08:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2008/07/29 14:57:56 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2005/09/08 20:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2005/09/08 20:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2008/07/29 14:57:54 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/21 16:23:09 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/02/09 20:54:01 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/07/29 14:57:54 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2005/08/03 20:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])

========== Driver Services ==========

[2006/02/06 02:45:44 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/03 11:44:16 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2004/05/26 21:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/10/14 22:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2007/03/06 17:30:38 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2007/12/24 17:37:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2007/12/24 17:37:12 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/15 22:37:50 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290458 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 www.thepiratebay.org
127.0.0.1 www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
10006 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{11863B57-01DF-453D-ACF6-A9346349383F} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{269A57BF-2A56-435C-9189-3793C5B65E22} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{cb010e42-47f3-4860-80b0-cce1cf55ce15} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"ac72c2b1"=rundll32.exe "C:\WINDOWS\system32\osjmftcp.dll",b File not found
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe (Musicmatch, Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"xsjfn83jkemfofght"=C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)
"xsjfn83jkemfofght"=C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe File not found

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)
"xsjfn83jkemfofght"=C:\DOCUME~1\PIMPDA~1.SLI\LOCALS~1\Temp\winloggn.exe File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1228341537625 -- MUWebControl Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0F12D58D-35FC-4BB7-B82C-E52D91EB1CCC} (Servers: | Description: 1394 Net Adapter)
{1E7AC898-737A-4ADE-95C0-7EE3CC5C5885} (Servers: | Description: Intel® PRO/Wireless 2915ABG Network Connection)
{DE7488B4-515A-4E3A-B222-EF3DB2F9239B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/21 16:23:02 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\OTViewIt.exe
[2008/12/17 01:14:30 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\IE.lnk
[2008/12/15 15:53:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:44:18 | 00,000,324 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/14 23:01:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 20:53:59 | 00,073,174 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:37:58 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/12/13 03:37:58 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/12/13 03:37:58 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/12/13 03:37:58 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/12/13 03:37:57 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/12/13 03:37:57 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/12/13 03:37:57 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/12/13 03:37:57 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/12/13 03:37:57 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/12/13 03:37:57 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/12/13 03:37:57 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/12/13 03:37:56 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/12/13 03:37:56 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/12/13 03:37:56 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/12/13 03:37:56 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/12/13 03:37:56 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/12/13 03:37:56 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/12/13 03:37:56 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/12/13 03:37:56 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/12/13 03:37:56 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/12/13 03:37:56 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/12/13 03:37:56 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/12/13 03:37:37 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/13 03:37:37 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/13 03:37:37 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/13 03:37:36 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/13 03:37:36 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/13 03:37:36 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/13 03:37:36 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/13 03:37:36 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/13 03:37:36 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/13 03:37:36 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/13 03:37:36 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/13 03:37:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/13 03:37:32 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/13 03:37:31 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2008/12/13 03:37:31 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2008/12/13 03:37:31 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2008/12/13 03:37:31 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2008/12/13 03:37:31 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2008/12/13 03:37:31 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2008/12/13 03:37:31 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2008/12/13 03:37:31 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2008/12/13 03:37:31 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2008/12/13 03:37:31 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2008/12/13 03:37:30 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2008/12/13 03:37:30 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2008/12/13 03:37:30 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2008/12/13 03:37:30 | 00,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2008/12/13 03:37:30 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2008/12/13 03:37:30 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2008/12/13 03:37:30 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2008/12/13 03:37:30 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2008/12/13 03:37:30 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2008/12/13 03:37:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2008/12/13 03:31:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2008/12/13 03:30:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2008/12/13 03:29:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/12/13 03:29:52 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/12/13 03:29:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/12/13 03:29:51 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/12/13 03:29:51 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/12/13 03:29:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/12/13 03:29:51 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/12/13 03:29:50 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/12/13 03:29:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/12/13 03:29:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/12/13 03:28:45 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/12/13 03:28:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/12/13 03:28:44 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/12/13 03:28:44 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/12/13 03:28:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/12/13 03:28:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/12/13 03:28:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/12/13 03:28:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/12/13 03:28:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/12/13 03:28:43 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/12/13 03:28:43 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/12/13 03:28:43 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/12/13 03:28:43 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/12/13 03:28:43 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/12/13 03:28:43 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/12/13 03:28:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/12/13 03:28:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/12/13 03:28:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/12/13 03:28:42 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/12/13 03:28:41 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/12/13 03:28:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/12/13 03:28:41 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/12/13 03:28:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/12/13 03:28:41 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/12/13 03:28:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/12/13 03:28:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/12/13 03:28:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/12/13 03:28:41 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/12/13 03:28:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/12/13 03:28:40 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/12/13 03:28:40 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/12/13 03:28:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/12/13 03:27:51 | 00,000,000 | ---D | C] -- C:\Inetpub
[2008/12/13 02:22:15 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/12 23:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
[2008/12/12 03:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Comments
[2008/12/11 23:51:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/12/11 17:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/12/11 01:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Malwarebytes
[2008/12/11 01:08:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/11 01:08:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/11 01:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/11 01:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/10 06:22:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/10 06:22:30 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/10 05:54:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\set ups
[2008/12/10 05:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Mozilla
[2008/12/10 05:52:27 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/09 21:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Sun
[2008/12/05 01:33:05 | 00,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
[2008/12/04 00:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\AdobeUM
[2008/12/04 00:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2008/12/03 23:50:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Move Networks
[2008/12/03 22:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Intel
[2008/12/03 22:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Macromedia
[2008/12/03 22:06:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Adobe
[2008/12/03 21:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2008/12/03 20:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\vlc
[2008/12/03 18:50:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\WMTools Downloaded Files
[2008/12/03 18:49:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Microsoft
[2008/12/03 17:43:05 | 00,000,527 | ---- | C] () -- C:\WINDOWS\System32\TDSSjtsvqcxs.dat
[2008/12/03 17:42:33 | 00,010,000 | ---- | C] () -- C:\WINDOWS\System32\jse783hfgfffe.dll
[2008/12/03 02:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\Downloads
[2008/11/29 16:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/11/29 16:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2008/11/29 16:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/11/29 16:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2008/11/25 21:06:12 | 00,000,293 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:58:14 | 00,000,000 | ---D | C] -- C:\unknown dwnlds
[2008/11/25 17:29:37 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/21 16:23:09 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\OTViewIt.exe
[2008/12/21 15:38:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/21 15:37:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/21 15:37:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/21 15:37:49 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/20 23:12:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 19:37:18 | 00,244,224 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 19:07:21 | 00,290,458 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/17 01:14:30 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\IE.lnk
[2008/12/15 15:53:12 | 00,000,324 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/15 15:53:10 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:47:05 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME`.doc
[2008/12/14 20:53:59 | 00,073,174 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:41:00 | 00,010,485 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 03:38:25 | 00,473,204 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/13 03:38:25 | 00,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/13 03:38:25 | 00,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/13 03:34:32 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 00:42:27 | 00,287,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081218-190721.backup
[2008/12/12 23:53:24 | 00,016,384 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/12 03:01:55 | 00,290,098 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/12 02:40:21 | 00,287,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081212-030155.backup
[2008/12/11 04:42:04 | 00,288,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-173905.backup
[2008/12/10 19:32:09 | 00,287,084 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-010343.backup
[2008/12/10 05:52:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/10 05:03:06 | 09,250,688 | -H-- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\IconCache.db
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 17:44:27 | 00,010,000 | ---- | M] () -- C:\WINDOWS\System32\jse783hfgfffe.dll
[2008/12/03 17:43:05 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\TDSSjtsvqcxs.dat
[2008/12/03 17:42:32 | 00,000,915 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081210-045144.backup
[2008/11/30 20:15:08 | 00,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/29 17:10:22 | 00,067,640 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/25 21:06:12 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:29:37 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
< End of report >


OTViewIt Extras logfile created on: 12/21/2008 4:24:01 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 70.87 Mb Available Physical Memory | 14.08% Memory free
1.20 Gb Paging File | 0.71 Gb Available in Paging File | 59.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.36 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/04 07:01:34 | 00,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
[2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/10/07 17:35:04 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}"=Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}"=Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Google AFE
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5D95AD35-368F-47D5-B63A-A082DDF00116}"=Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}"=Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro AntiVirus
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}"=Trend Micro AntiVirus
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AEEB3643-71DE-414d-9E3F-1159177FE211}"=Office Animation Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Bookworm"=Bookworm (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"DVD Shrink_is1"=DVD Shrink 3.2
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Money2006b"=Microsoft Money 2006
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11"=Microsoft Digital Image Standard 2006
"ProInst"=Intel® PROSet/Wireless Software
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 12:51:30 AM | Computer Name = DG9YBF91 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libadjust_plugin.dll,
version 0.0.0.0, fault address 0x0000314d.

Error - 12/2/2008 12:51:57 AM | Computer Name = DG9YBF91 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libadjust_plugin.dll,
version 0.0.0.0, fault address 0x0000314d.

Error - 12/3/2008 5:21:32 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 11:08:14 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 4:39:49 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 6:40:19 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2008 2:40:29 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 4:59:38 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/12/2008 1:07:37 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 12/14/2008 6:02:09 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/14/2008 6:06:48 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00166F355B13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2008 2:29:38 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/17/2008 7:20:55 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/17/2008 11:38:33 PM | Computer Name = DG9YBF91 | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/20/2008 7:49:03 PM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 12:11:41 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 6:55:02 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/21/2008 7:43:44 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >

Sunday, December 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 21:13:33
Records in database: 1497331
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 57680
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 01:19:58

File name Threat name Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
The selected area was scanned.

Thank you again for your time,


Blake

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 22 December 2008 - 10:29 AM

Hello again.

Posted ImageBackdoor Threat
Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

I'll assume you wish continue please follow the instructions below:

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..

Please post back with:
-Combofix log
-GMER scan log
-Fresh OTViewIT log


:thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 22 December 2008 - 09:37 PM

I do no banking through my computer and I also have no sensitive information it. I will take the non-guarantee of future security into consideration. Here are the logs.
Thank you,
Blake

ComboFix 08-12-21.04 - Pimp daddy B. Slim 2008-12-22 19:49:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.271 [GMT -5:00]
Running from: c:\documents and settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\jse783hfgfffe.dll
c:\windows\system32\TDSSjtsvqcxs.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-15 15:44 . 2008-12-15 15:53 324 --a------ c:\documents and settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
2008-12-14 23:01 . 2008-12-14 23:02 <DIR> d-------- C:\rsit
2008-12-13 03:31 . 2008-12-13 03:31 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-12-13 03:29 . 2001-08-17 22:36 65,536 --a------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2008-12-13 03:29 . 2001-08-17 22:36 57,856 --a------ c:\windows\system32\dllcache\EXCH_scripto.dll
2008-12-13 03:29 . 2001-08-17 22:36 45,056 --a------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2008-12-13 03:29 . 2001-08-17 22:36 43,520 --a------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 38,912 --a------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2008-12-13 03:29 . 2001-08-17 22:36 26,112 --a------ c:\windows\system32\dllcache\EXCH_seos.dll
2008-12-13 03:29 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2008-12-13 03:29 . 2001-08-17 22:36 12,288 --a------ c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2008-12-13 03:29 . 2001-08-17 22:36 7,168 --a------ c:\windows\system32\dllcache\EXCH_snprfdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-12-13 03:27 . 2008-12-13 03:32 <DIR> d-------- C:\Inetpub
2008-12-13 02:22 . 2008-12-13 02:22 <DIR> d-------- C:\VundoFix Backups
2008-12-11 17:04 . 2008-12-11 23:51 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 01:08 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 06:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-10 06:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-05 01:33 . 2008-12-12 23:53 16,384 --a------ c:\windows\DCEBoot.exe
2008-12-04 16:53 . 2008-12-04 16:53 4,128 --a------ C:\INFCACHE.1
2008-12-04 00:58 . 2008-12-04 00:58 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\AdobeUM
2008-12-03 23:50 . 2008-12-17 18:24 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Move Networks
2008-12-03 22:14 . 2008-12-03 22:14 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Intel
2008-12-03 20:03 . 2008-12-03 20:03 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\vlc
2008-11-29 16:44 . 2008-11-29 16:44 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-29 16:42 . 2008-11-29 22:49 <DIR> d-------- c:\program files\Windows Live
2008-11-29 16:42 . 2008-11-29 16:42 <DIR> d-------- c:\program files\Microsoft
2008-11-29 16:23 . 2008-11-29 16:23 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-11-25 19:41 . 2008-11-25 19:41 <DIR> d-------- c:\windows\Google Earth Pro 4.2
2008-11-25 17:58 . 2008-11-25 17:59 <DIR> d-------- C:\unknown dwnlds
2008-11-25 17:29 . 2008-11-25 17:29 60 --a------ c:\windows\system32\SYSWQDRV.SYS
2008-11-25 17:10 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 15:59 --------- d-----w c:\program files\Dl_cats
2008-12-21 23:56 --------- d-----w c:\program files\Google
2008-12-13 08:19 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-13 03:00 --------- d-----w c:\program files\Trend Micro
2008-12-12 04:51 --------- d-----w c:\program files\Microsoft Works
2008-12-10 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 10:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 04:10 --------- d-----w c:\program files\BitComet
2008-11-25 22:45 --------- d-----w c:\program files\MpcStar
2008-11-19 08:47 --------- d-----w c:\program files\QuickTime
2008-10-28 06:22 --------- d-----w c:\program files\Common Files\Real
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-20 22:42 56 --sh--r c:\windows\system32\60924F01AE.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22443:TCP"= 22443:TCP:BitComet 22443 TCP
"22443:UDP"= 22443:UDP:BitComet 22443 UDP

R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-09-17 36368]
S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2008-02-08 52240]
S3 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [2008-02-08 648456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ab751e-f04e-11db-970e-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656b0bd-c578-11db-96eb-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{11863B57-01DF-453D-ACF6-A9346349383F} - (no file)
BHO-{269A57BF-2A56-435C-9189-3793C5B65E22} - (no file)
BHO-{cb010e42-47f3-4860-80b0-cce1cf55ce15} - (no file)
HKLM-Run-ac72c2b1 - c:\windows\system32\osjmftcp.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Pimp daddy B. Slim\Application Data\Mozilla\Firefox\Profiles\i5jfcpkj.default\
FF - prefs.js: browser.startup.homepage - www.myspace.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 20:23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\system32\dlcccoms.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2008-12-22 20:25:58 - machine was rebooted [Pimp daddy B. Slim]
ComboFix-quarantined-files.txt 2008-12-23 01:25:55

Pre-Run: 12,086,919,168 bytes free
Post-Run: 12,285,681,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2008-12-18 03:39:28


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-22 20:56:36
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat A8E7DD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \\?\globalroot\systemroot\system32\drivers\TDSSbvytdxco.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \\?\globalroot\systemroot\system32\drivers\TDSSbvytdxco.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \\?\globalroot\systemroot\system32\TDSSdbrdunjc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \\?\globalroot\systemroot\system32\TDSSjtsvqcxs.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \\?\globalroot\systemroot\system32\TDSSqberdrxv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \\?\globalroot\systemroot\system32\TDSSoykxmedm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \\?\globalroot\systemroot\system32\TDSSjtywmnkd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSsbwltcae.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSratltahs.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSjoanewkc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSScowhtkov.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSrmmkvjug.log

---- EOF - GMER 1.0.14 ----

OTViewIt logfile created on: 12/22/2008 9:20:15 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 149.37 Mb Available Physical Memory | 29.67% Memory free
1.20 Gb Paging File | 0.91 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.48 Gb Free Space | 22.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2008/07/29 14:57:54 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/10/14 21:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/10/14 21:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2005/10/14 21:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2005/07/22 08:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2008/07/29 14:57:56 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2005/09/08 20:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
[2005/09/08 20:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
[2004/09/07 17:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2008/12/21 16:23:09 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/12/21 16:38:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/07/29 14:57:54 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2005/08/03 20:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])

========== Driver Services ==========

[2006/02/06 02:45:44 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/03 11:44:16 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2004/05/26 21:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/12/22 20:39:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/10/14 22:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2007/03/06 17:30:38 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2007/12/24 17:37:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2007/12/24 17:37:12 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/15 22:37:50 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290458 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 www.thepiratebay.org
127.0.0.1 www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
10006 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe (Musicmatch, Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1228341537625 -- MUWebControl Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0F12D58D-35FC-4BB7-B82C-E52D91EB1CCC} (Servers: | Description: 1394 Net Adapter)
{1E7AC898-737A-4ADE-95C0-7EE3CC5C5885} (Servers: | Description: Intel® PRO/Wireless 2915ABG Network Connection)
{DE7488B4-515A-4E3A-B222-EF3DB2F9239B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/12/22 21:14:58 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/22 20:39:39 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/22 20:39:37 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/22 20:39:37 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/22 20:39:37 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/22 20:39:24 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/22 20:37:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\gmer
[2008/12/22 19:35:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2008/12/22 19:34:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/22 19:34:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/22 19:30:41 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/22 19:29:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/22 19:29:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/22 19:29:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/22 19:29:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/22 19:29:33 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/22 19:29:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/22 19:29:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/22 19:29:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/22 19:28:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/22 19:28:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/22 10:47:45 | 02,885,687 | R--- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
[2008/12/21 21:00:51 | 00,003,145 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Kasplog.html
[2008/12/15 15:53:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:44:18 | 00,000,324 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/14 23:01:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 20:53:59 | 00,073,174 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:37:58 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/12/13 03:37:58 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/12/13 03:37:58 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/12/13 03:37:58 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/12/13 03:37:57 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/12/13 03:37:57 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/12/13 03:37:57 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/12/13 03:37:57 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/12/13 03:37:57 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/12/13 03:37:57 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/12/13 03:37:57 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/12/13 03:37:56 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/12/13 03:37:56 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/12/13 03:37:56 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/12/13 03:37:56 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/12/13 03:37:56 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/12/13 03:37:56 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/12/13 03:37:56 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/12/13 03:37:56 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/12/13 03:37:56 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/12/13 03:37:56 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/12/13 03:37:56 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/12/13 03:37:37 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/13 03:37:37 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/13 03:37:37 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/13 03:37:36 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/13 03:37:36 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/13 03:37:36 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/13 03:37:36 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/13 03:37:36 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/13 03:37:36 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/13 03:37:36 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/13 03:37:36 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/13 03:37:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/13 03:37:32 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/13 03:37:31 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2008/12/13 03:37:31 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2008/12/13 03:37:31 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2008/12/13 03:37:31 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2008/12/13 03:37:31 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2008/12/13 03:37:31 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2008/12/13 03:37:31 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2008/12/13 03:37:31 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2008/12/13 03:37:31 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2008/12/13 03:37:31 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2008/12/13 03:37:30 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2008/12/13 03:37:30 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2008/12/13 03:37:30 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2008/12/13 03:37:30 | 00,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2008/12/13 03:37:30 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2008/12/13 03:37:30 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2008/12/13 03:37:30 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2008/12/13 03:37:30 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2008/12/13 03:37:30 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2008/12/13 03:37:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2008/12/13 03:31:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2008/12/13 03:29:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/12/13 03:29:52 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/12/13 03:29:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/12/13 03:29:51 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/12/13 03:29:51 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/12/13 03:29:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/12/13 03:29:51 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/12/13 03:29:50 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/12/13 03:29:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/12/13 03:29:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/12/13 03:28:45 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/12/13 03:28:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/12/13 03:28:44 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/12/13 03:28:44 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/12/13 03:28:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/12/13 03:28:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/12/13 03:28:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/12/13 03:28:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/12/13 03:28:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/12/13 03:28:43 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/12/13 03:28:43 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/12/13 03:28:43 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/12/13 03:28:43 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/12/13 03:28:43 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/12/13 03:28:43 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/12/13 03:28:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/12/13 03:28:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/12/13 03:28:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/12/13 03:28:42 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/12/13 03:28:41 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/12/13 03:28:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/12/13 03:28:41 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/12/13 03:28:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/12/13 03:28:41 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/12/13 03:28:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/12/13 03:28:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/12/13 03:28:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/12/13 03:28:41 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/12/13 03:28:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/12/13 03:28:40 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/12/13 03:28:40 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/12/13 03:28:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/12/13 03:27:51 | 00,000,000 | ---D | C] -- C:\Inetpub
[2008/12/13 02:22:15 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/12 23:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
[2008/12/12 03:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Comments
[2008/12/11 23:51:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/12/11 17:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/12/11 01:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Malwarebytes
[2008/12/11 01:08:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/11 01:08:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/11 01:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/11 01:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/10 06:22:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/10 06:22:30 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/10 05:54:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\set ups
[2008/12/10 05:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Mozilla
[2008/12/10 05:52:27 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/09 21:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Sun
[2008/12/05 01:33:05 | 00,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
[2008/12/04 00:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\AdobeUM
[2008/12/04 00:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2008/12/03 23:50:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Move Networks
[2008/12/03 22:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Intel
[2008/12/03 22:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Macromedia
[2008/12/03 22:06:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Adobe
[2008/12/03 21:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2008/12/03 20:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\vlc
[2008/12/03 18:50:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\WMTools Downloaded Files
[2008/12/03 18:49:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Microsoft
[2008/12/03 02:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\Downloads
[2008/11/29 16:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/11/29 16:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2008/11/29 16:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/11/29 16:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2008/11/25 21:06:12 | 00,000,293 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:58:14 | 00,000,000 | ---D | C] -- C:\unknown dwnlds
[2008/11/25 17:29:37 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/22 21:06:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/22 21:03:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/22 21:03:40 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/22 21:03:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/22 20:45:59 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/22 20:39:37 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/22 20:39:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/22 20:39:37 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/22 20:37:08 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/22 20:24:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/22 19:35:00 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2008/12/22 10:48:03 | 02,885,687 | R--- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
[2008/12/21 21:00:51 | 00,003,145 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Kasplog.html
[2008/12/20 23:12:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 19:37:18 | 00,244,224 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 19:07:21 | 00,290,458 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/15 15:53:12 | 00,000,324 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/15 15:53:10 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:47:05 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME`.doc
[2008/12/14 20:53:59 | 00,073,174 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:41:00 | 00,010,485 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 03:38:25 | 00,473,204 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/13 03:38:25 | 00,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/13 03:38:25 | 00,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/13 03:34:32 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 00:42:27 | 00,287,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081218-190721.backup
[2008/12/12 23:53:24 | 00,016,384 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/12 03:01:55 | 00,290,098 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/12 02:40:21 | 00,287,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081212-030155.backup
[2008/12/11 04:42:04 | 00,288,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-173905.backup
[2008/12/10 19:32:09 | 00,287,084 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-010343.backup
[2008/12/10 05:52:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/10 05:03:06 | 09,250,688 | -H-- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\IconCache.db
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 17:42:32 | 00,000,915 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081210-045144.backup
[2008/11/30 20:15:08 | 00,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/29 17:10:22 | 00,067,640 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/25 21:06:12 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:29:37 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
< End of report >


OTViewIt Extras logfile created on: 12/22/2008 9:20:15 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 149.37 Mb Available Physical Memory | 29.67% Memory free
1.20 Gb Paging File | 0.91 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.48 Gb Free Space | 22.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/04 07:01:34 | 00,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
[2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/10/07 17:35:04 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}"=Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}"=Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Google AFE
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5D95AD35-368F-47D5-B63A-A082DDF00116}"=Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}"=Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro AntiVirus
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}"=Trend Micro AntiVirus
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AEEB3643-71DE-414d-9E3F-1159177FE211}"=Office Animation Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Bookworm"=Bookworm (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"DVD Shrink_is1"=DVD Shrink 3.2
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Money2006b"=Microsoft Money 2006
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11"=Microsoft Digital Image Standard 2006
"ProInst"=Intel® PROSet/Wireless Software
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 12:51:57 AM | Computer Name = DG9YBF91 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libadjust_plugin.dll,
version 0.0.0.0, fault address 0x0000314d.

Error - 12/3/2008 5:21:32 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 11:08:14 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 4:39:49 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 6:40:19 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2008 2:40:29 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 4:59:38 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2008 7:55:02 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/14/2008 6:02:09 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/14/2008 6:06:48 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00166F355B13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2008 2:29:38 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/17/2008 7:20:55 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/17/2008 11:38:33 PM | Computer Name = DG9YBF91 | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/20/2008 7:49:03 PM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 12:11:41 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 6:55:02 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/21/2008 7:43:44 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/22/2008 9:59:34 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 22 December 2008 - 10:31 PM

Hello.

I do no banking through my computer and I also have no sensitive information it. I will take the non-guarantee of future security into consideration. Here are the logs.

Okay, but be warned though that this computer have been compromised before.

Let's continue removing the malware that are still on your system, but there is a program I want to warn you about.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the code box below into it:
    File::
    c:\windows\system32\60924F01AE.sys
    c:\windows\DCEBoot.exe
    C:\Windows\system32\drivers\TDSSbvytdxco.sys
    C:\Windows\system32\TDSSdbrdunjc.dll
    C:\Windows\system32\TDSSjtsvqcxs.dat
    C:\Windows\system32\TDSSqberdrxv.dll
    C:\Windows\system32\TDSSoykxmedm.dll
    C:\Windows\system32\TDSSjtywmnkd.dll
    C:\Windows\system32\TDSSsbwltcae.dll
    C:\Windows\system32\TDSSratltahs.log
    C:\Windows\system32\TDSSjoanewkc.dll
    C:\Windows\system32\TDSScowhtkov.log
    C:\Windows\system32\TDSSrmmkvjug.log
    
    DirLook::
    C:\unknown dwnlds
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000000
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Please Post back with:
-Combofix log
-Fresh GMER log
-Fresh OTViewIT log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 08:41 AM

I ran Combofix with the CFScript. It prepared a log. I minimized the log, and I had a screen with only my desk top picture- no icons. I waited a short time and rebooted. Where can I find the log?

#8 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 08:54 AM

I believe that I found it.

ComboFix 08-12-21.04 - Pimp daddy B. Slim 2008-12-22 19:49:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.271 [GMT -5:00]
Running from: c:\documents and settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
c:\windows\system32\jse783hfgfffe.dll
c:\windows\system32\TDSSjtsvqcxs.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-15 15:44 . 2008-12-15 15:53 324 --a------ c:\documents and settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
2008-12-14 23:01 . 2008-12-14 23:02 <DIR> d-------- C:\rsit
2008-12-13 03:31 . 2008-12-13 03:31 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-12-13 03:29 . 2001-08-17 22:36 65,536 --a------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2008-12-13 03:29 . 2001-08-17 22:36 57,856 --a------ c:\windows\system32\dllcache\EXCH_scripto.dll
2008-12-13 03:29 . 2001-08-17 22:36 45,056 --a------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2008-12-13 03:29 . 2001-08-17 22:36 43,520 --a------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 38,912 --a------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2008-12-13 03:29 . 2001-08-17 22:36 26,112 --a------ c:\windows\system32\dllcache\EXCH_seos.dll
2008-12-13 03:29 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2008-12-13 03:29 . 2001-08-17 22:36 12,288 --a------ c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2008-12-13 03:29 . 2001-08-17 22:36 7,168 --a------ c:\windows\system32\dllcache\EXCH_snprfdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-12-13 03:27 . 2008-12-13 03:32 <DIR> d-------- C:\Inetpub
2008-12-13 02:22 . 2008-12-13 02:22 <DIR> d-------- C:\VundoFix Backups
2008-12-11 17:04 . 2008-12-11 23:51 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 01:08 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 06:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-10 06:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-05 01:33 . 2008-12-12 23:53 16,384 --a------ c:\windows\DCEBoot.exe
2008-12-04 16:53 . 2008-12-04 16:53 4,128 --a------ C:\INFCACHE.1
2008-12-04 00:58 . 2008-12-04 00:58 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\AdobeUM
2008-12-03 23:50 . 2008-12-17 18:24 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Move Networks
2008-12-03 22:14 . 2008-12-03 22:14 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Intel
2008-12-03 20:03 . 2008-12-03 20:03 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\vlc
2008-11-29 16:44 . 2008-11-29 16:44 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-29 16:42 . 2008-11-29 22:49 <DIR> d-------- c:\program files\Windows Live
2008-11-29 16:42 . 2008-11-29 16:42 <DIR> d-------- c:\program files\Microsoft
2008-11-29 16:23 . 2008-11-29 16:23 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-11-25 19:41 . 2008-11-25 19:41 <DIR> d-------- c:\windows\Google Earth Pro 4.2
2008-11-25 17:58 . 2008-11-25 17:59 <DIR> d-------- C:\unknown dwnlds
2008-11-25 17:29 . 2008-11-25 17:29 60 --a------ c:\windows\system32\SYSWQDRV.SYS
2008-11-25 17:10 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 15:59 --------- d-----w c:\program files\Dl_cats
2008-12-21 23:56 --------- d-----w c:\program files\Google
2008-12-13 08:19 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-13 03:00 --------- d-----w c:\program files\Trend Micro
2008-12-12 04:51 --------- d-----w c:\program files\Microsoft Works
2008-12-10 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 10:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 04:10 --------- d-----w c:\program files\BitComet
2008-11-25 22:45 --------- d-----w c:\program files\MpcStar
2008-11-19 08:47 --------- d-----w c:\program files\QuickTime
2008-10-28 06:22 --------- d-----w c:\program files\Common Files\Real
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-20 22:42 56 --sh--r c:\windows\system32\60924F01AE.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22443:TCP"= 22443:TCP:BitComet 22443 TCP
"22443:UDP"= 22443:UDP:BitComet 22443 UDP

R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-09-17 36368]
S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2008-02-08 52240]
S3 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [2008-02-08 648456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ab751e-f04e-11db-970e-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656b0bd-c578-11db-96eb-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{11863B57-01DF-453D-ACF6-A9346349383F} - (no file)
BHO-{269A57BF-2A56-435C-9189-3793C5B65E22} - (no file)
BHO-{cb010e42-47f3-4860-80b0-cce1cf55ce15} - (no file)
HKLM-Run-ac72c2b1 - c:\windows\system32\osjmftcp.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Pimp daddy B. Slim\Application Data\Mozilla\Firefox\Profiles\i5jfcpkj.default\
FF - prefs.js: browser.startup.homepage - www.myspace.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 20:23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\system32\dlcccoms.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2008-12-22 20:25:58 - machine was rebooted [Pimp daddy B. Slim]
ComboFix-quarantined-files.txt 2008-12-23 01:25:55

Pre-Run: 12,086,919,168 bytes free
Post-Run: 12,285,681,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2008-12-18 03:39:28


I will reply with -Fresh GMER log -Fresh OTViewIT log shortly.

#9 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 09:30 AM

I believe that I had already (before we started cleaning my computer) deleted my file sharing software because I made the decision not to use it any longer. Do you know that it is still there? I did not see any under my add/remove programs. Thank you for the heads up on that.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-23 09:05:20
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat A8B87D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \\?\globalroot\systemroot\system32\drivers\TDSSbvytdxco.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \\?\globalroot\systemroot\system32\drivers\TDSSbvytdxco.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \\?\globalroot\systemroot\system32\TDSSdbrdunjc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \\?\globalroot\systemroot\system32\TDSSjtsvqcxs.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \\?\globalroot\systemroot\system32\TDSSqberdrxv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \\?\globalroot\systemroot\system32\TDSSoykxmedm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \\?\globalroot\systemroot\system32\TDSSjtywmnkd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSsbwltcae.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSratltahs.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSjoanewkc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSScowhtkov.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSrmmkvjug.log

---- EOF - GMER 1.0.14 ----

OTViewIt Extras logfile created on: 12/23/2008 9:09:58 AM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 244.80 Mb Available Physical Memory | 48.63% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.45 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/04 07:01:34 | 00,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
[2008/10/31 15:55:59 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/10/07 17:35:04 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}"=Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}"=Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Google AFE
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5D95AD35-368F-47D5-B63A-A082DDF00116}"=Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}"=Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro AntiVirus
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}"=Trend Micro AntiVirus
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AEEB3643-71DE-414d-9E3F-1159177FE211}"=Office Animation Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}"=mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Bookworm"=Bookworm (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"DVD Shrink_is1"=DVD Shrink 3.2
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Money2006b"=Microsoft Money 2006
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11"=Microsoft Digital Image Standard 2006
"ProInst"=Intel® PROSet/Wireless Software
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2008 12:51:57 AM | Computer Name = DG9YBF91 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libadjust_plugin.dll,
version 0.0.0.0, fault address 0x0000314d.

Error - 12/3/2008 5:21:32 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 11:08:14 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 8:43:58 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 4:39:49 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2008 6:40:19 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2008 2:40:29 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 4:59:38 AM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3224, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2008 7:55:02 PM | Computer Name = DG9YBF91 | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/14/2008 6:02:09 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/14/2008 6:06:48 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00166F355B13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/16/2008 2:29:38 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/17/2008 7:20:55 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/17/2008 11:38:33 PM | Computer Name = DG9YBF91 | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 12/20/2008 7:49:03 PM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 12:11:41 AM | Computer Name = DG9YBF91 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/21/2008 6:55:02 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/21/2008 7:43:44 AM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/22/2008 9:59:34 PM | Computer Name = DG9YBF91 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00166F355B13. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >


OTViewIt logfile created on: 12/23/2008 9:09:58 AM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 244.80 Mb Available Physical Memory | 48.63% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 78.59% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.88 Gb Total Space | 11.45 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DG9YBF91
Current User Name: Pimp daddy B. Slim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2004/09/07 17:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/10/14 21:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/10/14 21:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2005/10/14 21:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2004/10/30 15:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2005/07/22 08:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2005/09/08 20:20:46 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
[2005/09/08 20:20:46 | 00,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/12/21 16:23:09 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/06/21 09:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/12/21 16:38:48 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/07/29 14:57:54 | 00,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/03/13 13:02:34 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
[2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Stopped])
[2005/08/03 20:05:55 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])

========== Driver Services ==========

[2006/02/06 02:45:44 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/03 11:44:16 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2004/05/26 21:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/12/22 20:39:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/10/14 22:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/08/12 09:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2007/03/06 17:30:38 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2007/12/24 17:37:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2007/12/24 17:37:12 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/15 22:37:50 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2004/10/21 21:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Stopped])
[2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com
"First Home Page"=http://www.google.com/toolbar/ie7/done.html
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.myspace.com/

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290458 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.mininova.org
127.0.0.1 www.mininova.com
127.0.0.1 www.thepiratebay.org
127.0.0.1 www.suprbay.org
127.0.0.1 mininova.org
127.0.0.1 mininova.com
127.0.0.1 thepiratebay.org
127.0.0.1 suprbay.org
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
10006 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe (Musicmatch, Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
35 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3363428076-2443140938-2662183693-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1228341537625 -- MUWebControl Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0F12D58D-35FC-4BB7-B82C-E52D91EB1CCC} (Servers: | Description: 1394 Net Adapter)
{1E7AC898-737A-4ADE-95C0-7EE3CC5C5885} (Servers: | Description: Intel® PRO/Wireless 2915ABG Network Connection)
{DE7488B4-515A-4E3A-B222-EF3DB2F9239B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ab751e-f04e-11db-970e-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e656b0bd-c578-11db-96eb-001422e9caca}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/12/23 08:20:19 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2008/12/22 20:39:39 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/22 20:39:37 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/22 20:39:37 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/22 20:39:37 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/22 20:39:24 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/22 20:37:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\gmer
[2008/12/22 19:35:00 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2008/12/22 19:34:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/22 19:34:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/22 19:30:41 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/22 19:29:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/22 19:29:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/22 19:29:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/22 19:29:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/22 19:29:33 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/22 19:29:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/22 19:29:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/22 19:29:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/22 19:28:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/22 19:28:28 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/22 10:47:45 | 02,885,687 | R--- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
[2008/12/21 21:00:51 | 00,003,145 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Kasplog.html
[2008/12/15 15:53:09 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:44:18 | 00,000,324 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/14 23:01:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/14 20:53:59 | 00,073,174 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:37:58 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/12/13 03:37:58 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/12/13 03:37:58 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/12/13 03:37:58 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/12/13 03:37:57 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/12/13 03:37:57 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/12/13 03:37:57 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/12/13 03:37:57 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/12/13 03:37:57 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/12/13 03:37:57 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/12/13 03:37:57 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/12/13 03:37:57 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/12/13 03:37:56 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/12/13 03:37:56 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/12/13 03:37:56 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/12/13 03:37:56 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/12/13 03:37:56 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/12/13 03:37:56 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/12/13 03:37:56 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/12/13 03:37:56 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/12/13 03:37:56 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/12/13 03:37:56 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/12/13 03:37:56 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/12/13 03:37:37 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/13 03:37:37 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/13 03:37:37 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/13 03:37:36 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/13 03:37:36 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/13 03:37:36 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/13 03:37:36 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/13 03:37:36 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/13 03:37:36 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/13 03:37:36 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/13 03:37:36 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/13 03:37:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/13 03:37:32 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/13 03:37:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/13 03:37:31 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2008/12/13 03:37:31 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2008/12/13 03:37:31 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2008/12/13 03:37:31 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2008/12/13 03:37:31 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2008/12/13 03:37:31 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2008/12/13 03:37:31 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2008/12/13 03:37:31 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2008/12/13 03:37:31 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2008/12/13 03:37:31 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2008/12/13 03:37:30 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2008/12/13 03:37:30 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2008/12/13 03:37:30 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2008/12/13 03:37:30 | 00,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2008/12/13 03:37:30 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2008/12/13 03:37:30 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2008/12/13 03:37:30 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2008/12/13 03:37:30 | 00,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2008/12/13 03:37:30 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2008/12/13 03:37:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2008/12/13 03:31:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2008/12/13 03:29:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/12/13 03:29:52 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/12/13 03:29:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/12/13 03:29:51 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/12/13 03:29:51 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/12/13 03:29:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/12/13 03:29:51 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/12/13 03:29:50 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/12/13 03:29:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/12/13 03:29:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/12/13 03:28:45 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/12/13 03:28:45 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/12/13 03:28:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/12/13 03:28:44 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/12/13 03:28:44 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/12/13 03:28:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/12/13 03:28:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/12/13 03:28:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/12/13 03:28:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/12/13 03:28:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/12/13 03:28:43 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/12/13 03:28:43 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/12/13 03:28:43 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/12/13 03:28:43 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/12/13 03:28:43 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/12/13 03:28:43 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/12/13 03:28:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/12/13 03:28:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/12/13 03:28:42 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/12/13 03:28:42 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/12/13 03:28:41 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/12/13 03:28:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/12/13 03:28:41 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/12/13 03:28:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/12/13 03:28:41 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/12/13 03:28:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/12/13 03:28:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/12/13 03:28:41 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/12/13 03:28:41 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/12/13 03:28:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/12/13 03:28:40 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/12/13 03:28:40 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/12/13 03:28:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/12/13 03:27:51 | 00,000,000 | ---D | C] -- C:\Inetpub
[2008/12/13 02:22:15 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/12 23:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\cleaners
[2008/12/12 03:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Comments
[2008/12/11 23:51:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2008/12/11 17:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/12/11 01:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Malwarebytes
[2008/12/11 01:08:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/11 01:08:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/11 01:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/11 01:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/10 06:22:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/10 06:22:30 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/10 05:54:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\set ups
[2008/12/10 05:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Mozilla
[2008/12/10 05:52:27 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/09 21:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Sun
[2008/12/05 01:33:05 | 00,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
[2008/12/04 00:58:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\AdobeUM
[2008/12/04 00:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2008/12/03 23:50:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Move Networks
[2008/12/03 22:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Intel
[2008/12/03 22:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Macromedia
[2008/12/03 22:06:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Adobe
[2008/12/03 21:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2008/12/03 20:03:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\vlc
[2008/12/03 18:50:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\WMTools Downloaded Files
[2008/12/03 18:49:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\Microsoft
[2008/12/03 02:22:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\Downloads
[2008/11/29 16:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/11/29 16:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2008/11/29 16:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/11/29 16:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2008/11/25 21:06:12 | 00,000,293 | ---- | C] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:58:14 | 00,000,000 | ---D | C] -- C:\unknown dwnlds
[2008/11/25 17:29:37 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/23 08:56:33 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/23 08:35:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/23 08:35:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/23 08:34:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/23 08:34:56 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/23 08:25:39 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/22 20:39:37 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/22 20:39:37 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/22 20:39:37 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/22 20:37:08 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/22 19:35:00 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2008/12/22 10:48:03 | 02,885,687 | R--- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
[2008/12/21 21:00:51 | 00,003,145 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Kasplog.html
[2008/12/20 23:12:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 19:37:18 | 00,244,224 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 19:07:21 | 00,290,458 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/15 15:53:12 | 00,000,324 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
[2008/12/15 15:53:10 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME` no dates.doc
[2008/12/15 15:47:05 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\My Documents\RESUME`.doc
[2008/12/14 20:53:59 | 00,073,174 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\bus.pdf
[2008/12/13 03:41:00 | 00,010,485 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 03:38:25 | 00,473,204 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/13 03:38:25 | 00,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/13 03:38:25 | 00,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/13 03:34:32 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 00:42:27 | 00,287,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081218-190721.backup
[2008/12/12 23:53:24 | 00,016,384 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2008/12/12 03:01:55 | 00,290,098 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/12 02:40:21 | 00,287,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081212-030155.backup
[2008/12/11 04:42:04 | 00,288,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-173905.backup
[2008/12/10 19:32:09 | 00,287,084 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081211-010343.backup
[2008/12/10 05:52:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/10 05:03:06 | 09,250,688 | -H-- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\IconCache.db
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 16:53:47 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 17:42:32 | 00,000,915 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081210-045144.backup
[2008/11/30 20:15:08 | 00,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/29 17:10:22 | 00,067,640 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/25 21:06:12 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Shortcut to Local Disk ©.lnk
[2008/11/25 17:29:37 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
< End of report >

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 23 December 2008 - 10:50 AM

Hello.

The Combofix log you gave me is the same as the previous run that was run from the Desktop. I want to see the one that you ran with the CFScript.

Please give me that log. The log can be found at C:\Combofix.txt

Post back with the other Combofix.txt log. A new GMER log would also be nice.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 11:21 AM

Either it is not there or I can not find it. I found the other log that I posted in a folder called Qoobox. :thumbsup: Sorry for my computer illiteracy.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 23 December 2008 - 11:34 AM

Hello again.

Either it is not there or I can not find it. I found the other log that I posted in a folder called Qoobox. Sorry for my computer illiteracy

Strange..

Can you tell me what combofix files are in the qoobox folder? They should be called: Combofix2.txt or Combofix3.txt etc...

Tell me all the Combofix[*].txt there are in the Qoobox folder. Check again if it is not in C:\Combofix.txt.
* represents a number..

Also do a search for Combofix.txt making sure it wasn't placed somewhere else.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 11:53 AM

strange. :thumbsup: oh no.

in the Qoobox folder- a file named BackEnv, a file named Quarantine.
Add-Remove Programs.txt, CFScript_used_2008-12-23@8.22.txt, ComboFix2.txt,ComboFix-quarantined-files.txt, snapshot@2008-12-22_20.25.22.59.dat, snapshot@2008-12-22_20.25.22.59_B.dat

My Search came up with

ComboFix.txt C:\Documents and Settings\Pimp daddy B. Slim\Desktop 12/23/2008 8:27am
newcombofix.txt C:\Documents and Settings\Pimp daddy B. Slim\Desktop 12/23/2008 7:51 am ---that is the txt to insert into combofix

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 23 December 2008 - 12:00 PM

Hello.

Please do not worry. We will get this sorted out soon, if not we will run it again..

in the Qoobox folder- a file named BackEnv, a file named Quarantine.
Add-Remove Programs.txt, CFScript_used_2008-12-23@8.22.txt, ComboFix2.txt,ComboFix-quarantined-files.txt, snapshot@2008-12-22_20.25.22.59.dat, snapshot@2008-12-22_20.25.22.59_B.dat

My Search came up with

ComboFix.txt C:\Documents and Settings\Pimp daddy B. Slim\Desktop 12/23/2008 8:27am
newcombofix.txt C:\Documents and Settings\Pimp daddy B. Slim\Desktop 12/23/2008 7:51 am ---that is the txt to insert into combofix

Combofix2.txt was the previous run of Combofix, which you gave me in the last post. The other ones are some additional information.

C:\Documents and Settings\Pimp daddy B. Slim\Desktop\newcombofix.txt<-This file, is this what you used for the CFScript?

C:\Documents and Settings\Pimp daddy B. Slim\Desktop\Combofix.txt<-This one is probably the one I'm looking for. Please post back with that log and I'll see if it's the one. If not we may need to run Combofix with CFScript again..

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 blakeinkzoo

blakeinkzoo
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan
  • Local time:07:49 AM

Posted 23 December 2008 - 12:10 PM

yes the newcombofix.txt is what I called the CFScript.

here is the combofix.txt from my desktop.

ComboFix 08-12-21.04 - Pimp daddy B. Slim 2008-12-23 8:22:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.172 [GMT -5:00]
Running from: c:\documents and settings\Pimp daddy B. Slim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pimp daddy B. Slim\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 08:20 . 2008-12-23 08:20 <DIR> d-------- C:\32788R22FWJFW
2008-12-22 20:39 . 2008-12-22 20:45 345 --a------ c:\windows\gmer.ini
2008-12-15 15:44 . 2008-12-15 15:53 324 --a------ c:\documents and settings\Pimp daddy B. Slim\Application Data\wklnhst.dat
2008-12-14 23:01 . 2008-12-14 23:02 <DIR> d-------- C:\rsit
2008-12-13 03:31 . 2008-12-13 03:31 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-12-13 03:29 . 2001-08-17 22:36 65,536 --a------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2008-12-13 03:29 . 2001-08-17 22:36 57,856 --a------ c:\windows\system32\dllcache\EXCH_scripto.dll
2008-12-13 03:29 . 2001-08-17 22:36 45,056 --a------ c:\windows\system32\dllcache\EXCH_aqadmin.dll
2008-12-13 03:29 . 2001-08-17 22:36 43,520 --a------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 38,912 --a------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2008-12-13 03:29 . 2001-08-17 22:36 26,112 --a------ c:\windows\system32\dllcache\EXCH_seos.dll
2008-12-13 03:29 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2008-12-13 03:29 . 2001-08-17 22:36 12,288 --a------ c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2008-12-13 03:29 . 2001-08-17 22:36 7,168 --a------ c:\windows\system32\dllcache\EXCH_snprfdll.dll
2008-12-13 03:29 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-12-13 03:27 . 2008-12-13 03:32 <DIR> d-------- C:\Inetpub
2008-12-13 02:22 . 2008-12-13 02:22 <DIR> d-------- C:\VundoFix Backups
2008-12-11 17:04 . 2008-12-11 23:51 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-11 01:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 01:08 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 01:08 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 06:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-10 06:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-05 01:33 . 2008-12-12 23:53 16,384 --a------ c:\windows\DCEBoot.exe
2008-12-04 16:53 . 2008-12-04 16:53 4,128 --a------ C:\INFCACHE.1
2008-12-04 00:58 . 2008-12-04 00:58 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\AdobeUM
2008-12-03 23:50 . 2008-12-17 18:24 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Move Networks
2008-12-03 22:14 . 2008-12-03 22:14 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\Intel
2008-12-03 20:03 . 2008-12-03 20:03 <DIR> d-------- c:\documents and settings\Pimp daddy B. Slim\Application Data\vlc
2008-11-29 16:44 . 2008-11-29 16:44 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-29 16:42 . 2008-11-29 22:49 <DIR> d-------- c:\program files\Windows Live
2008-11-29 16:42 . 2008-11-29 16:42 <DIR> d-------- c:\program files\Microsoft
2008-11-29 16:23 . 2008-11-29 16:23 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-11-25 19:41 . 2008-11-25 19:41 <DIR> d-------- c:\windows\Google Earth Pro 4.2
2008-11-25 17:58 . 2008-11-25 17:59 <DIR> d-------- C:\unknown dwnlds
2008-11-25 17:29 . 2008-11-25 17:29 60 --a------ c:\windows\system32\SYSWQDRV.SYS
2008-11-25 17:10 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 15:59 --------- d-----w c:\program files\Dl_cats
2008-12-21 23:56 --------- d-----w c:\program files\Google
2008-12-13 08:19 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-13 03:00 --------- d-----w c:\program files\Trend Micro
2008-12-12 04:51 --------- d-----w c:\program files\Microsoft Works
2008-12-10 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 10:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 04:10 --------- d-----w c:\program files\BitComet
2008-11-25 22:45 --------- d-----w c:\program files\MpcStar
2008-11-19 08:47 --------- d-----w c:\program files\QuickTime
2008-11-09 02:24 5,226 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-28 06:22 --------- d-----w c:\program files\Common Files\Real
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-20 22:42 56 --sh--r c:\windows\system32\60924F01AE.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_20.25.22.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 01:39:37 884,736 ----a-w c:\windows\gmer.dll
+ 2008-12-23 01:37:08 811,008 ----a-w c:\windows\gmer.exe
+ 2008-12-23 01:39:37 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-12-23 02:03:48 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_63c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22443:TCP"= 22443:TCP:BitComet 22443 TCP
"22443:UDP"= 22443:UDP:BitComet 22443 UDP

R2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2008-02-08 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-09-17 36368]
R3 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [2008-02-08 648456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ab751e-f04e-11db-970e-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656b0bd-c578-11db-96eb-001422e9caca}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Pimp daddy B. Slim\Application Data\Mozilla\Firefox\Profiles\i5jfcpkj.default\
FF - prefs.js: browser.startup.homepage - www.myspace.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 08:25:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2008-12-23 8:27:16
ComboFix-quarantined-files.txt 2008-12-23 13:27:12
ComboFix2.txt 2008-12-23 01:26:00

Pre-Run: 12,289,523,712 bytes free
Post-Run: 12,270,350,336 bytes free

183 --- E O F --- 2008-12-18 03:39:28


Is that the one?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users