Mirar and a whole buncha other crud like Virtumonde


This topic is locked
22 replies to this topic

#1 sagasha

Posted 16 December 2008 - 08:44 PM

Last week my machine mysteriously started being redirected from hotmail to other URLs. The Mirar toolbar was installed somehow and now the machine is super slow and popups are a constant way of life. I have tried several different reg fix programs. Previous to this problem the machine ran perfectly with Spybot and McAfee being run at least once a week. Don't know what happened. Any help would be greatly appreciated.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Wilson at 2008-12-16 20:31:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 766 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:41 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\Wilson\Desktop\RSIT.exe
C:\Program Files\trend micro\Wilson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {aaddbd5a-509e-44d7-b930-9142f8e2186f} - C:\WINDOWS\system32\malufige.dll
O2 - BHO: (no name) - {C258CBC4-6225-4D30-B854-D7C44ED32CC5} - C:\WINDOWS\system32\urqOHXOg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nokipipiki] Rundll32.exe "C:\WINDOWS\system32\dazuyelu.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-20\..\Run: [nokipipiki] Rundll32.exe "C:\WINDOWS\system32\dazuyelu.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1199302321453
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\wivanowo.dll fbbyrb.dll,rcwpib.dll,xdgdcj.dll bfwpxs.dll vqeaxw.dll ucsxka.dll,C:\WINDOWS\system32\jutunaja.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: tuvUmLET - C:\WINDOWS\
O20 - Winlogon Notify: yayvSjji - yayvSjji.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 10845 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\wwffhigt.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aaddbd5a-509e-44d7-b930-9142f8e2186f}]
C:\WINDOWS\system32\malufige.dll [2008-09-16 66215]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C258CBC4-6225-4D30-B854-D7C44ED32CC5}]
C:\WINDOWS\system32\urqOHXOg.dll [2008-12-03 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"BHR"=C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe [2006-10-24 9375744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nokipipiki"=C:\WINDOWS\system32\dazuyelu.dll [2008-09-16 66215]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\system32\hphmon04.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvugocopolog]
C:\WINDOWS\Flakazohe.dll [2008-12-03 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
C:\WINDOWS\ohepiriq.dll [2008-12-03 141824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokipipiki]
C:\WINDOWS\system32\wivanowo.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe [2007-10-31 378784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Deewoo.lnk]
C:\WINDOWS\system32\ocnttsdl.exe DWmmm01 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^DW_Start.lnk]
C:\WINDOWS\system32\rqwnw64k.exe DWmmm01 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^IMVU.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\PROGRA~1\Last.fm\LASTFM~1.EXE [2007-12-19 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Wilson\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\wivanowo.dll fbbyrb.dll,rcwpib.dll,xdgdcj.dll bfwpxs.dll vqeaxw.dll ucsxka.dll,C:\WINDOWS\system32\jutunaja.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvUmLET]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvSjji]
yayvSjji.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqOHXOg
"notification packages"=scecli
C:\WINDOWS\system32\wivanowo.dll
C:\WINDOWS\system32\jutunaja.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\clbdriver.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoToolbarCustomize"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"DisallowRun"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1147562001\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1147562001\ee\aim6.exe:*:Disabled:AIM"
"C:\Program Files\Common Files\AOL\1147562001\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1147562001\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.8.4.4878-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.8.4.4878-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\CVUX4HMB\Arathi_Basin_new_EG-downloader[1].exe"="C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\CVUX4HMB\Arathi_Basin_new_EG-downloader[1].exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\2HCNI5QZ\Zul'Gurub_English-downloader[1].exe"="C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\2HCNI5QZ\Zul'Gurub_English-downloader[1].exe:*:Disabled:Blizzard Downloader"
"C:\Documents and Settings\Wilson\Desktop\Nefarian_EG-downloader.exe"="C:\Documents and Settings\Wilson\Desktop\Nefarian_EG-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\Sierra\FEAR\fpupdate.exe"="C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Disabled:fpupdate"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\McAfee\VirusScan\mcsysmon.exe"="C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\Info.exe folder.htt 480 480


======File associations======

.reg - open - "regedit.exe" "%1"
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-16 20:31:28 ----D---- C:\rsit
2008-12-16 20:31:28 ----D---- C:\Program Files\trend micro
2008-12-16 20:20:23 ----D---- C:\Program Files\RegCure
2008-12-16 20:13:40 ----D---- C:\Documents and Settings\Wilson\Application Data\Uniblue
2008-12-16 20:13:14 ----D---- C:\Program Files\Uniblue
2008-12-16 20:12:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-16 14:21:58 ----D---- C:\Documents and Settings\Wilson\Application Data\AdobeUM
2008-12-15 18:32:14 ----A---- C:\WINDOWS\system32\ucsxka.dll
2008-12-15 18:32:13 ----A---- C:\WINDOWS\system32\lenngonj.dll
2008-12-15 18:29:17 ----SH---- C:\WINDOWS\system32\ernepevd.ini
2008-12-15 18:29:13 ----A---- C:\WINDOWS\system32\dvepenre.dll
2008-12-15 18:03:21 ----D---- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
2008-12-15 17:57:00 ----D---- C:\Program Files\JRE
2008-12-15 17:56:33 ----D---- C:\Program Files\OpenOffice.org 3
2008-12-15 17:55:41 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-15 17:55:41 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-15 17:55:41 ----A---- C:\WINDOWS\system32\java.exe
2008-12-15 17:28:22 ----A---- C:\WINDOWS\system32\LEXPPS.EXE
2008-12-15 17:28:22 ----A---- C:\WINDOWS\system32\LEXP2P32.DLL
2008-12-15 17:28:22 ----A---- C:\WINDOWS\system32\LEXBCES.EXE
2008-12-15 17:28:21 ----A---- C:\WINDOWS\system32\LEXBCE.DLL
2008-12-15 17:28:21 ----A---- C:\WINDOWS\system32\LEX2KUSB.DLL
2008-12-15 17:28:21 ----A---- C:\WINDOWS\system32\dlbcvs.dll
2008-12-15 17:28:21 ----A---- C:\WINDOWS\system32\dlbcpwr.dll
2008-12-15 17:28:20 ----A---- C:\WINDOWS\system32\lexlmpm.dll
2008-12-15 17:28:20 ----A---- C:\WINDOWS\system32\dlbccoin.ini
2008-12-15 17:28:20 ----A---- C:\WINDOWS\system32\dlbccoin.dll
2008-12-15 17:28:20 ----A---- C:\WINDOWS\system32\dlbccinf.dll
2008-12-15 17:28:19 ----D---- C:\Program Files\Dell 720
2008-12-15 17:27:08 ----D---- C:\Dell720
2008-12-14 18:30:01 ----SH---- C:\WINDOWS\system32\bnqbgggx.ini
2008-12-14 18:30:00 ----A---- C:\WINDOWS\system32\xgggbqnb.dll
2008-12-14 18:27:01 ----A---- C:\WINDOWS\system32\vqeaxw.dll
2008-12-14 18:27:00 ----A---- C:\WINDOWS\system32\jullfged.dll
2008-12-13 18:30:01 ----A---- C:\WINDOWS\system32\ahkxmj.dll
2008-12-13 18:30:00 ----A---- C:\WINDOWS\system32\hxnfjlny.dll
2008-12-13 18:27:01 ----SH---- C:\WINDOWS\system32\gbgiqxme.ini
2008-12-13 18:27:00 ----N---- C:\WINDOWS\system32\emxqigbg.dll
2008-12-13 13:08:50 ----ASH---- C:\WINDOWS\system32\gOXHOqru.ini2
2008-12-12 18:30:01 ----SH---- C:\WINDOWS\system32\ittujuvr.ini
2008-12-12 18:30:01 ----N---- C:\WINDOWS\system32\rvujutti.dll
2008-12-12 18:27:03 ----A---- C:\WINDOWS\system32\bfwpxs.dll
2008-12-12 18:27:02 ----A---- C:\WINDOWS\system32\gmpvtsjr.dll
2008-12-11 21:57:00 ----N---- C:\WINDOWS\system32\fstkuhdb.dll
2008-12-10 21:55:28 ----A---- C:\WINDOWS\system32\qxydusmw.dll
2008-12-10 21:51:49 ----A---- C:\WINDOWS\system32\iisifsfq.dll
2008-12-04 14:06:51 ----A---- C:\Documents and Settings\Wilson\Application Data\bhrslog.txt
2008-12-04 14:06:50 ----D---- C:\Program Files\Zamaan's Software
2008-12-04 13:56:33 ----D---- C:\Program Files\BHODemon 2
2008-12-04 13:30:56 ----D---- C:\Program Files\CCleaner
2008-12-04 13:25:12 ----A---- C:\WINDOWS\RegGenie.ini
2008-12-04 13:21:11 ----A---- C:\WINDOWS\RegGenieOnUninstall.exe
2008-12-04 13:21:05 ----D---- C:\Program Files\RegGenie
2008-12-04 12:46:56 ----ASH---- C:\WINDOWS\system32\gOXHOqru.ini
2008-12-04 10:49:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-04 10:48:41 ----D---- C:\Program Files\Spyware Doctor
2008-12-04 10:21:20 ----A---- C:\WINDOWS\ucigenoguqutoqih.dll
2008-12-04 00:54:56 ----A---- C:\WINDOWS\system32\clb.dll
2008-12-03 18:20:59 ----A---- C:\WINDOWS\system32\g80.exe
2008-12-03 17:26:46 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-03 17:20:51 ----A---- C:\WINDOWS\system32\gside.exe
2008-12-03 17:16:21 ----A---- C:\WINDOWS\ohepiriq.dll
2008-12-03 17:12:30 ----D---- C:\WINDOWS\system32\uv9
2008-12-03 17:12:30 ----D---- C:\WINDOWS\system32\dv
2008-12-03 17:12:28 ----D---- C:\WINDOWS\system32\ki3
2008-12-03 17:12:27 ----D---- C:\WINDOWS\system32\VC
2008-12-03 17:12:27 ----D---- C:\WINDOWS\system32\bin
2008-12-03 17:09:42 ----A---- C:\WINDOWS\system32\876c6860-.txt
2008-12-03 17:08:48 ----A---- C:\WINDOWS\system32\urqOHXOg.dll
2008-12-03 17:04:12 ----A---- C:\bflkwx.exe
2008-12-03 17:04:11 ----A---- C:\WINDOWS\Flakazohe.dll
2008-12-03 17:04:10 ----A---- C:\fjytg.exe
2008-12-03 17:03:26 ----A---- C:\WINDOWS\system32\prunnet.exe

======List of files/folders modified in the last 1 months======

2008-12-16 20:31:28 ----D---- C:\Program Files
2008-12-16 20:30:50 ----D---- C:\WINDOWS\Temp
2008-12-16 20:29:43 ----D---- C:\WINDOWS\system32
2008-12-16 20:20:31 ----SD---- C:\WINDOWS\Tasks
2008-12-16 20:13:20 ----SHD---- C:\WINDOWS\Installer
2008-12-16 20:13:20 ----SHD---- C:\Config.Msi
2008-12-16 20:12:49 ----D---- C:\WINDOWS\Prefetch
2008-12-16 18:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 14:34:52 ----D---- C:\WINDOWS
2008-12-16 14:32:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 13:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 09:53:08 ----ASH---- C:\WINDOWS\system32\borazufu.dll
2008-12-15 22:09:15 ----AC---- C:\WINDOWS\dellstat.ini
2008-12-15 21:52:53 ----ASH---- C:\WINDOWS\system32\nejopoyi.dll
2008-12-15 18:02:15 ----RSD---- C:\WINDOWS\assembly
2008-12-15 18:01:08 ----D---- C:\WINDOWS\WinSxS
2008-12-15 17:57:41 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 17:55:32 ----D---- C:\Program Files\Java
2008-12-15 17:28:27 ----HD---- C:\WINDOWS\inf
2008-12-11 20:08:49 ----D---- C:\Documents and Settings\Wilson\Application Data\Macromedia
2008-12-11 20:06:42 ----D---- C:\Documents and Settings\Wilson\Application Data\Apple Computer
2008-12-11 20:03:25 ----A---- C:\WINDOWS\wininit.ini
2008-12-10 21:51:10 ----ASH---- C:\WINDOWS\system32\hesudobu.dll
2008-12-04 13:42:41 ----D---- C:\WINDOWS\Minidump
2008-12-04 13:42:41 ----D---- C:\WINDOWS\Debug
2008-12-04 12:28:31 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-04 12:28:29 ----D---- C:\Program Files\Viewpoint
2008-12-04 12:28:06 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 12:23:35 ----D---- C:\temp
2008-12-04 10:50:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 01:18:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-04 00:55:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-03 23:40:21 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-03 23:26:13 ----ASH---- C:\boot.ini
2008-12-03 23:26:13 ----A---- C:\WINDOWS\win.ini
2008-12-03 23:26:12 ----A---- C:\WINDOWS\system.ini
2008-12-03 23:18:01 ----D---- C:\WINDOWS\pss
2008-11-24 16:49:31 ----D---- C:\Documents and Settings\Wilson\Application Data\Sony
2008-11-24 16:27:35 ----D---- C:\Program Files\Sony
2008-11-24 16:26:24 ----D---- C:\Program Files\Sony Setup
2008-11-19 07:28:02 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-01-01 8413]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 diskdumpp;diskdumpp; C:\WINDOWS\System32\drivers\diskdumpp.sys []
S1 mutohpenn;mutohpenn; C:\WINDOWS\System32\drivers\mutohpenn.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys []
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-04-17 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-16 20:31:47

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.44 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Browser Hijack Retaliator 4.5.0 Build 471-->"C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\unins000.exe"
Canon CanoScan Toolbox 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\Setup.exe" -l0x9 anything
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hemera Photo-Objects & PhotoFont Maker-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hemera Photo-Objects Viewer\Uninst.isu"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.5.1.29527-->"C:\Program Files\Last.fm\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RegCure 1.5.1.3-->C:\Program Files\RegCure\uninst.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sony ACID XPress 5.0a-->MsiExec.exe /X{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly -removeonly
TweakNow RegCleaner Standard-->"C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
TweakNow WinSecret Professional-->"C:\Program Files\TweakNow WinSecret\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZZZMirar-->mshta.exe http://remove.getmirar.com/

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 16, 2008 17:52:49
Records in database: 1466314
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 123740
Threat name: 9
Infected objects: 40
Suspicious objects: 0
Duration of the scan: 03:30:11


File name / Threat name / Threats count
C:\WINDOWS\system32\bfwpxs.dll/C:\WINDOWS\system32\bfwpxs.dll Infected: Trojan.Win32.Monder.abwh 27
C:\WINDOWS\System32\bfwpxs.dll/C:\WINDOWS\System32\bfwpxs.dll Infected: Trojan.Win32.Monder.abwh 3
C:\WINDOWS\system32\bfwpxs.dll Infected: Trojan.Win32.Monder.abwh 1
C:\WINDOWS\system32\emxqigbg.dll Infected: Trojan.Win32.Monder.acgs 1
C:\WINDOWS\system32\g80.exe Infected: Trojan-Clicker.Win32.Agent.buk 1
C:\WINDOWS\system32\gmpvtsjr.dll Infected: Trojan.Win32.Monder.abwh 1
C:\WINDOWS\system32\gside.exe Infected: Trojan-Downloader.Win32.Zlob.ymu 1
C:\WINDOWS\system32\iisifsfq.dll Infected: Trojan.Win32.Monder.abna 1
C:\WINDOWS\system32\prunnet.exe Infected: Trojan.Win32.VB.hfs 1
C:\WINDOWS\system32\qxydusmw.dll Infected: Trojan.Win32.Monder.abke 1
C:\WINDOWS\system32\rvujutti.dll Infected: Trojan.Win32.Monder.abwi 1
C:\WINDOWS\system32\xgggbqnb.dll Infected: Trojan.Win32.Monder.acfd 1

The selected area was scanned.


Any help would be greatly appreciated. I ain't the brightest bulb in the bunch when it comes to this kind of thing but I am a whiz with Flash and Photoshop if that helps.

sagasha

Edited by PropagandaPanda, 25 December 2008 - 05:18 AM.
Removed email address to prevent spamming.

sagasha
mysterious dust from space



#2 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:20 PM

Posted 25 December 2008 - 06:22 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Detroit, MI
  • Local time:03:20 PM

Posted 27 December 2008 - 03:45 PM

Thank you so much for your help. I'll be performing the requested operations ASAP and just wanted to let you know I'm here.

thanks
sagasha
mysterious dust from space

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:20 PM

Posted 27 December 2008 - 05:09 PM

Thanks for letting me know.

Post back with the results once you are ready :thumbsup:

With Regards,
Extremeboy

#5 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Detroit, MI
  • Local time:03:20 PM

Posted 28 December 2008 - 01:21 AM

most gracious extremeboy,

below are the files requested:
OTViewIt logfile created on: 12/27/2008 3:48:50 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 301.70 Mb Available Physical Memory | 39.39% Memory free
1.83 Gb Paging File | 1.40 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.73 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/12/17 09:21:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2005/09/20 09:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/13 22:02:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/04/17 16:15:10 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/01 16:03:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{aaddbd5a-509e-44d7-b930-9142f8e2186f} (HKLM) -- C:\WINDOWS\system32\tobirugo.dll ()
{BC109875-E2C2-4897-AAC3-753DC03B2DAF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8c4fac1e"=rundll32.exe "C:\WINDOWS\system32\subalavi.dll",b ()
"BHR"=C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe (Zamaan's Software)
"CPM8f7c9f82"=Rundll32.exe "c:\windows\system32\fujobila.dll",a ()
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"nokipipiki"=Rundll32.exe "C:\WINDOWS\system32\telonapi.dll",s ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Wilson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
"History"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
"History"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoToolbarCustomize"=0
"NoFileMenu"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoBandCustomize"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoToolbarCustomize"=0
"NoFileMenu"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoBandCustomize"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab -- QuickTime Object
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1199302321453 -- MUCatalogWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1229495589656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{7FFF62B2-ABE6-4249-B1D3-C549C60E9540} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\wivanowo.dll fbbyrb.dll rcwpib.dll xdgdcj.dll bfwpxs.dll vqeaxw.dll ucsxka.dll epvdzq.dll zvsjip.dll bmlzhi.dll ilhxtg.dll yjptmd.dll C:\WINDOWS\system32\biyedepu.dll c:\windows\system32\fujobila.dll
>File not found -- C:\WINDOWS\system32\wivanowo.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>[2008/09/27 15:25:38 | 00,063,705 | -HS- | M] () -- C:\WINDOWS\system32\biyedepu.dll
>[2008/12/27 15:25:27 | 00,096,495 | -HS- | M] () -- c:\WINDOWS\system32\fujobila.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
tuvUmLET: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
yayvSjji: "DllName" = yayvSjji.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\fujobila.dll ()

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\fujobila.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\urqOHXOg,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[2006/05/16 12:25:11 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () -- F:\Autorun.inf -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\AutoRun\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\install\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualEnglish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualFrench\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualSpanish\command]
""=G:\rcaeasyrip_setup.exe -- File not found



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\Info.exe -- [2002/09/10 22:54:58 | 00,040,960 | -HS- | M] (XSS)

========== Files/Folders - Created Within 30 Days ==========

[24 C:\WINDOWS\System32\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/27 15:35:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/27 15:25:38 | 01,620,826 | -HS- | C] () -- C:\WINDOWS\System32\igubipat.ini
[2008/12/26 19:39:50 | 01,685,430 | -HS- | C] () -- C:\WINDOWS\System32\emisuniw.ini
[2008/12/25 18:53:06 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ikorizoh.ini
[2008/12/25 05:54:13 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ivalabus.ini
[2008/12/24 15:33:44 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\yktoroxi.ini
[2008/12/24 15:32:23 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ebepozoh.ini
[2008/12/24 02:41:45 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\uzerawak.ini
[2008/12/23 14:42:08 | 01,603,458 | -HS- | C] () -- C:\WINDOWS\System32\esemihum.ini
[2008/12/22 15:10:28 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\opiveyun.ini
[2008/12/21 17:51:57 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 17:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/12/21 17:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2008/12/21 17:16:19 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\qdsmxpsi.ini
[2008/12/21 16:23:44 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\ayugayoh.ini
[2008/12/21 02:40:14 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\epayoham.ini
[2008/12/20 14:42:19 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\iferewep.ini
[2008/12/20 04:23:45 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\asaduyet.ini
[2008/12/19 14:44:52 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\nuyoyfge.ini
[2008/12/19 14:40:27 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\uvikutas.ini
[2008/12/17 20:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\McAfee
[2008/12/17 20:53:13 | 01,661,900 | -HS- | C] () -- C:\WINDOWS\System32\vuwrratq.ini
[2008/12/17 20:39:25 | 00,908,466 | -HS- | C] () -- C:\WINDOWS\System32\gOXHOqru.ini2
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Malwarebytes
[2008/12/17 09:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/17 09:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/17 01:38:22 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/17 01:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\InstallShield
[2008/12/16 23:22:36 | 00,020,689 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | C] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:44:16 | 00,019,239 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/16 20:30:27 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\RSIT.exe
[2008/12/16 20:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Uniblue
[2008/12/16 20:12:56 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2008/12/16 20:08:25 | 00,368,859 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dds.scr
[2008/12/16 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\AdobeUM
[2008/12/15 19:38:35 | 00,015,730 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:45:14 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/15 18:45:14 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/15 18:39:12 | 00,036,967 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:35 | 00,019,053 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
[2008/12/15 18:01:10 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 17:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/15 17:36:17 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/15 17:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/12/15 17:27:08 | 00,000,000 | ---D | C] -- C:\Dell720
[2008/12/04 14:06:52 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\BHR Startup Programs.lnk
[2008/12/04 14:06:51 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/12/04 14:06:51 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Browser Hijack Retaliator 4.5.lnk
[2008/12/04 14:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Zamaan's Software
[2008/12/04 13:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\BHODemon 2
[2008/12/04 13:45:31 | 01,195,686 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:30:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/04 13:25:12 | 00,000,583 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 13:21:11 | 00,158,720 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2008/12/04 13:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/04 12:46:56 | 00,908,466 | -HS- | C] () -- C:\WINDOWS\System32\gOXHOqru.ini
[2008/12/04 10:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/12/04 10:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/12/04 10:21:20 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clb.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clb.dll
[2008/12/04 00:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\FreeFixer
[2008/12/03 23:34:02 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/03 18:20:59 | 00,153,489 | ---- | C] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:22:13 | 00,000,861 | ---- | C] () -- C:\WINDOWS\System32\winpfz33.sys
[2008/12/03 17:20:58 | 00,000,021 | ---- | C] () -- C:\WINDOWS\System32\zxdnt3d.cfg
[2008/12/03 17:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\{B4151342-AE5B-49AB-B574-3BB9B3A96AC1}
[2008/12/03 17:16:21 | 00,141,824 | ---- | C] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/03 17:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\uv9
[2008/12/03 17:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dv
[2008/12/03 17:12:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ki3
[2008/12/03 17:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\VC
[2008/12/03 17:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bin
[2008/12/03 17:12:05 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\.#
[2008/12/03 17:04:12 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\bflkwx.exe
[2008/12/03 17:04:11 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Flakazohe.dll
[2008/12/03 17:03:49 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\wwffhigt.job
[2008/12/03 17:03:26 | 00,035,241 | ---- | C] () -- C:\WINDOWS\System32\prunnet.exe
[2008/12/02 16:52:06 | 00,006,009 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:47 | 00,004,912 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf

========== Files - Modified Within 30 Days ==========

[24 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/27 15:45:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/27 15:25:47 | 01,620,826 | -HS- | M] () -- C:\WINDOWS\System32\igubipat.ini
[2008/12/27 15:25:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/27 15:25:27 | 00,096,495 | -HS- | M] () -- C:\WINDOWS\System32\fujobila.dll
[2008/12/27 15:25:25 | 00,085,122 | -HS- | M] () -- C:\WINDOWS\System32\tapibugi.dll
[2008/12/27 15:25:25 | 00,063,705 | -HS- | M] () -- C:\WINDOWS\System32\fujewipe.dll
[2008/12/27 15:25:25 | 00,017,743 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/12/27 15:24:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/27 15:24:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/27 15:24:11 | 80,326,2464 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/26 21:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\wwffhigt.job
[2008/12/26 19:40:31 | 01,685,430 | -HS- | M] () -- C:\WINDOWS\System32\emisuniw.ini
[2008/12/26 19:39:45 | 00,098,063 | -HS- | M] () -- C:\WINDOWS\System32\neletato.dll
[2008/12/26 19:39:45 | 00,087,347 | -HS- | M] () -- C:\WINDOWS\System32\winusime.dll
[2008/12/25 18:53:16 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\ikorizoh.ini
[2008/12/25 18:53:06 | 00,096,428 | -HS- | M] () -- C:\WINDOWS\System32\zefehewu.dll
[2008/12/25 18:53:06 | 00,085,089 | ---- | M] () -- C:\WINDOWS\System32\hoziroki.dll
[2008/12/25 17:52:37 | 00,085,065 | -HS- | M] () -- C:\WINDOWS\System32\yijefaze.dll
[2008/12/25 17:52:36 | 00,063,042 | -HS- | M] () -- C:\WINDOWS\System32\wukanipo.dll
[2008/12/25 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/25 06:08:27 | 00,000,642 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/12/25 05:54:16 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\ivalabus.ini
[2008/12/25 05:53:59 | 00,098,934 | -HS- | M] () -- C:\WINDOWS\System32\yuwehosu.dll
[2008/12/25 05:53:56 | 00,084,764 | ---- | M] () -- C:\WINDOWS\System32\subalavi.dll
[2008/12/24 18:27:28 | 00,908,466 | -HS- | M] () -- C:\WINDOWS\System32\gOXHOqru.ini
[2008/12/24 18:27:22 | 00,908,466 | -HS- | M] () -- C:\WINDOWS\System32\gOXHOqru.ini2
[2008/12/24 15:33:55 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\yktoroxi.ini
[2008/12/24 15:33:14 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\ebepozoh.ini
[2008/12/24 14:41:54 | 00,084,579 | ---- | M] () -- C:\WINDOWS\System32\hozopebe.dll
[2008/12/24 02:41:50 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\uzerawak.ini
[2008/12/24 02:41:44 | 00,084,744 | -HS- | M] () -- C:\WINDOWS\System32\kawarezu.dll
[2008/12/23 18:35:52 | 01,603,458 | -HS- | M] () -- C:\WINDOWS\System32\esemihum.ini
[2008/12/23 14:41:39 | 00,063,094 | -HS- | M] () -- C:\WINDOWS\System32\miwahone.dll
[2008/12/23 02:41:34 | 00,083,109 | -HS- | M] () -- C:\WINDOWS\System32\kunozisi.dll
[2008/12/22 20:04:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/22 15:10:33 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\opiveyun.ini
[2008/12/22 03:13:40 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/22 02:41:33 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\qdsmxpsi.ini
[2008/12/22 02:40:56 | 00,083,249 | -HS- | M] () -- C:\WINDOWS\System32\logapoyi.dll
[2008/12/21 17:51:58 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 16:23:56 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\ayugayoh.ini
[2008/12/21 14:40:39 | 00,083,113 | -HS- | M] () -- C:\WINDOWS\System32\hoyaguya.dll
[2008/12/21 02:40:25 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\epayoham.ini
[2008/12/20 14:42:26 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\iferewep.ini
[2008/12/20 04:23:49 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\asaduyet.ini
[2008/12/20 02:39:18 | 00,083,064 | ---- | M] () -- C:\WINDOWS\System32\teyudasa.dll
[2008/12/19 14:45:04 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\nuyoyfge.ini
[2008/12/19 14:40:55 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\uvikutas.ini
[2008/12/18 09:54:07 | 00,083,252 | -HS- | M] () -- C:\WINDOWS\System32\lagesapu.dll
[2008/12/17 20:53:33 | 01,661,900 | -HS- | M] () -- C:\WINDOWS\System32\vuwrratq.ini
[2008/12/17 20:36:49 | 00,000,421 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/17 14:22:15 | 00,020,220 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:13:48 | 01,615,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 01:41:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/16 23:28:01 | 00,020,689 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:18 | 00,019,239 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | M] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:30:27 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\RSIT.exe
[2008/12/16 20:08:26 | 00,368,859 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dds.scr
[2008/12/16 13:45:35 | 00,015,730 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/16 09:53:08 | 00,066,215 | -HS- | M] () -- C:\WINDOWS\System32\borazufu.dll
[2008/12/15 21:52:53 | 00,066,848 | -HS- | M] (ABBYY (BIT Software)) -- C:\WINDOWS\System32\nejopoyi.dll
[2008/12/15 18:45:32 | 00,101,184 | ---- | M] () -- C:\Documents and Settings\Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/15 18:45:14 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/15 18:39:15 | 00,036,967 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:36 | 00,019,053 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:01:10 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:36:17 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/12/15 01:13:38 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/04 14:06:53 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\BHR Startup Programs.lnk
[2008/12/04 14:06:51 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Browser Hijack Retaliator 4.5.lnk
[2008/12/04 13:47:06 | 01,195,686 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:38:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:25:13 | 00,000,583 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/04 10:50:51 | 00,425,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 10:50:51 | 00,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 10:50:49 | 00,506,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 10:21:21 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/03 23:28:52 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\zxdnt3d.cfg
[2008/12/03 23:26:13 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 23:26:13 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/03 23:26:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 18:21:00 | 00,153,489 | ---- | M] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:22:20 | 00,000,861 | ---- | M] () -- C:\WINDOWS\System32\winpfz33.sys
[2008/12/03 17:19:56 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\bflkwx.exe
[2008/12/03 17:16:22 | 00,141,824 | ---- | M] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/03 17:04:11 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Flakazohe.dll
[2008/12/03 17:03:26 | 00,035,241 | ---- | M] () -- C:\WINDOWS\System32\prunnet.exe
[2008/12/02 16:52:06 | 00,006,009 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:48 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf
< End of report >


OTViewIt Extras logfile created on: 12/27/2008 3:48:50 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 301.70 Mb Available Physical Memory | 39.39% Memory free
1.83 Gb Paging File | 1.40 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.73 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\1147562001\ee\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\Common Files\AOL\1147562001\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.8.4.4878-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\CVUX4HMB\Arathi_Basin_new_EG-downloader[1].exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\2HCNI5QZ\Zul'Gurub_English-downloader[1].exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Desktop\Nefarian_EG-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Disabled:fpupdate
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM
[2008/04/13 19:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:explorer
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}"=Canon CanoScan Toolbox 4.5
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip"=7-Zip 4.44 beta
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Browser Hijack Retaliator_is1"=Browser Hijack Retaliator 4.5.0 Build 471
"CCleaner"=CCleaner (remove only)
"Dell Photo Printer 720"=Dell Photo Printer 720
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"LastFM_is1"=Last.fm 1.5.1.29527
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Adapters and Drivers
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2008 7:29:57 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application bhr.exe, version 4.5.0.471, faulting module unknown,
version 0.0.0.0, fault address 0x02ad2433.

Error - 12/24/2008 7:30:14 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
unknown, version 0.0.0.0, fault address 0x04302433.

Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/24/2008 9:51:25 PM | Computer Name = BIGRED | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/25/2008 7:00:47 AM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:37:58 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/24/2008 3:32:56 PM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 12/24/2008 4:37:53 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/24/2008 7:29:48 PM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.

Error - 12/24/2008 9:52:14 PM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/24/2008 9:52:18 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 12/24/2008 9:52:18 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 12/24/2008 9:56:48 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/25/2008 6:57:36 AM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/26/2008 8:44:18 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/27/2008 4:30:09 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 27, 2008 17:31:12
Records in database: 1521283
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 123131
Threat name: 4
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 03:10:59


File name / Threat name / Threats count
C:\WINDOWS\system32\sokofosu.dll/C:\WINDOWS\system32\sokofosu.dll Infected: Trojan.Win32.Monder.afwb 9
C:\WINDOWS\system32\borazufu.dll Infected: Trojan.Win32.Monder.aedd 1
C:\WINDOWS\system32\g80.exe Infected: Trojan-Clicker.Win32.Agent.buk 1
C:\WINDOWS\system32\prunnet.exe Infected: Trojan.Win32.VB.hfs 1
C:\WINDOWS\system32\sokofosu.dll Infected: Trojan.Win32.Monder.afwb 1

The selected area was scanned.

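The "Authorized Applications List" above is the raw content of the Windows Firewall StandardProfile exception keys, and two things in it deserve a second look before any cleanup: many entries are marked "File not found" yet still Enabled (the exception is keyed on the path, so any file later dropped at that path inherits it), and there are enabled, any-host exceptions for winlogon.exe, logonui.exe, rundll32.exe and explorer.exe, which a clean XP install does not create. The script below is an added example, not code from the post or from OTViewIt; it parses the list format exactly as the tool prints it and flags both conditions. The assumptions are that sessmgr.exe and xpnetdiag.exe are the only exceptions XP SP2/SP3 adds on its own, and that the CORE_OS set is the right list of binaries that never need inbound exceptions. The sample lines are copied from the posted log.

```python
"""Audit an XP Windows Firewall "Authorized Applications List" as dumped by OTViewIt.

Added example, not code from the forum post or from any tool named on the page.
It parses the list format shown in the log (one entry per line, either
"File not found -- <value>" or "[date | size | attrs | M] (Company) -- <value>",
where <value> is the raw registry string  path:scope:Enabled|Disabled:name)
and flags the entries an analyst reviews first.
"""
import re
from dataclasses import dataclass

# Line prefix produced by the tool: a "File not found" marker, or file metadata plus company.
_PREFIX = re.compile(
    r"^(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\]\s*\((?P<company>[^)]*)\))"
    r"\s*--\s*(?P<rest>.+)$"
)
# Registry value: the path keeps its drive colon (or a %var% prefix), then scope, state, name.
_VALUE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:|%[^%]+%)[^:]*):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

# Assumption: the only exceptions XP SP2/SP3 create on their own (Remote Assistance, network diagnostics).
EXPECTED_SYSTEM = {"sessmgr.exe", "xpnetdiag.exe"}
# Assumption: core OS processes with no legitimate reason to accept unsolicited inbound connections.
CORE_OS = {"winlogon.exe", "logonui.exe", "lsass.exe", "rundll32.exe", "explorer.exe", "svchost.exe"}


@dataclass
class Entry:
    path: str
    scope: str
    enabled: bool
    name: str
    missing: bool
    company: str


@dataclass
class Finding:
    severity: str
    path: str
    reason: str


def parse_entries(text):
    """Return one Entry per recognisable list line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _PREFIX.match(line.strip())
        if not m:
            continue
        v = _VALUE.match(m.group("rest"))
        if not v:
            continue
        entries.append(Entry(
            path=v.group("path"),
            scope=v.group("scope"),
            enabled=v.group("state").lower() == "enabled",
            name=v.group("name"),
            missing=m.group("missing") is not None,
            company=m.group("company") or "",
        ))
    return entries


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(text):
    """Flag enabled exceptions for core OS binaries and enabled exceptions whose file is gone."""
    findings = []
    for e in parse_entries(text):
        if not e.enabled:
            continue  # a disabled exception is inert, whatever it points at
        base = _basename(e.path)
        if base in CORE_OS:
            findings.append(Finding("high", e.path,
                f"{base} granted an inbound exception with scope {e.scope}; XP never adds this by itself"))
        elif e.missing and base not in EXPECTED_SYSTEM:
            findings.append(Finding("medium", e.path,
                "exception is keyed on a path that no longer exists; a file dropped there later inherits it"))
    return findings


# Sample lines copied from the posted log (a subset of the StandardProfile list).
SAMPLE = r"""
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/04/13 19:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:explorer
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"[{f.severity:6}] {f.path}\n         {f.reason}")
```

On the sample it reports two stale-but-enabled exceptions (bittorrent.exe, YahooMessenger.exe) and four high findings for the core OS binaries; nmsrvc.exe is left alone because its scope is LocalSubNet and the file exists, and the default sessmgr.exe entry is skipped. Whether a core-OS exception was added by malware or by some installer cannot be decided from the list alone, which is why the output is a review queue and not a verdict.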
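The "Last 10 Event Log Errors" block carries a pattern worth pulling out rather than reading record by record: bhr.exe, teatimer.exe, acrord32.exe, nmapp.exe and qttask.exe all crashed within two minutes with "faulting module unknown" at addresses whose low 16 bits are identical (0x2433), and lsass.exe then died with c0000005, which forces a reboot (the Winlogon 1015 record). Because Win32 images are relocated at 64 KiB granularity, the low 16 bits of a fault address are the same offset into a module wherever it was mapped, so five unrelated processes faulting in an unnamed module at one offset points at a single DLL injected into each of them. The script below is an added example, not code from the post or from OTViewIt; it parses the event format as printed (header line, wrapped "Description =" text), groups unknown-module faults by that offset, and lists critical-process failures separately. The 64 KiB assumption and the min_procs threshold are the heuristic's parameters; the sample records are copied from the posted log.

```python
"""Cluster Windows "Application Error" (Event ID 1000) records by fault offset.

Added example, not code from the forum post or from OTViewIt. It parses the
"Last 10 Event Log Errors" format shown in the log (a header line starting
"Error - ", a "Description = ..." that wraps onto following lines) and applies
one heuristic: a Win32 image is relocated at a 64 KiB granularity, so the low
16 bits of a fault address are the same offset into the module no matter where
it was loaded. When several unrelated processes die in an *unnamed* module at
the same offset, one injected DLL is the likeliest explanation. The sample
records are copied from the posted log.
"""
import re
from collections import defaultdict

_HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) "
    r"\| ID = (?P<id>\d+)\s+Description = (?P<desc>.*)$"
)
_FAULT = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<appver>[^,]+), "
    r"faulting module (?P<mod>[^,]+), version (?P<modver>[^,]+), fault address (?P<addr>0x[0-9a-f]+)",
    re.IGNORECASE,
)
_CRITICAL = re.compile(
    r"A critical system process, (?P<proc>[^,]+), failed with status code (?P<code>[0-9a-f]+)",
    re.IGNORECASE,
)


def parse_events(text):
    """Re-join wrapped descriptions and return one dict per event record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Error - "):
            records.append(line)
        elif records:
            records[-1] += " " + line  # continuation of the previous Description
    events = []
    for rec in records:
        m = _HEADER.match(rec)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def cluster_unknown_module_faults(events, min_procs=3):
    """Map fault offset -> sorted process names, for offsets hit by >= min_procs distinct processes."""
    by_offset = defaultdict(set)
    for ev in events:
        f = _FAULT.search(ev["desc"])
        if not f or f.group("mod").strip().lower() != "unknown":
            continue
        # Assumption: 64 KiB image alignment, so the low 16 bits survive relocation.
        offset = int(f.group("addr"), 16) & 0xFFFF
        by_offset[offset].add(f.group("app").strip().lower())
    return {off: sorted(apps) for off, apps in by_offset.items() if len(apps) >= min_procs}


def critical_process_failures(events):
    """Return (process path, NTSTATUS) for Winlogon 1015 'critical system process failed' records."""
    out = []
    for ev in events:
        c = _CRITICAL.search(ev["desc"])
        if c:
            out.append((c.group("proc").strip(), c.group("code").lower()))
    return out


SAMPLE_EVENTS = r"""
Error - 12/24/2008 7:29:57 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application bhr.exe, version 4.5.0.471, faulting module unknown,
version 0.0.0.0, fault address 0x02ad2433.

Error - 12/24/2008 7:30:14 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
unknown, version 0.0.0.0, fault address 0x04302433.

Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for off, apps in cluster_unknown_module_faults(evs).items():
        print(f"offset 0x{off:04x} in an unnamed module killed {len(apps)} processes: {', '.join(apps)}")
    for proc, code in critical_process_failures(evs):
        print(f"critical process {proc} died with status {code}")
```

The lsass.exe fault (offset 0x3ef2) does not join the 0x2433 cluster, so the script reports it only through the critical-process list; the two are consistent with the same cause but the data on the page does not prove it. Treat a cluster as a reason to dump the loaded-module list of one of the affected processes, not as an identification of the DLL.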
#6 sagasha

Posted 28 December 2008 - 11:03 PM

Hello extremeboy... Since my last post yesterday I ran the uninstall instructions for MS Antispyware 2009 that were listed on this site. I downloaded the Malware and it seemed to remove the MS Antispyware. I am still having irregular popups from various sources, so I followed your instructions again and posted them below. I also posted the Malware log at the end if that's of any importance:


OTViewIt logfile created on: 12/28/2008 7:21:28 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 335.82 Mb Available Physical Memory | 43.84% Memory free
1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.70 Gb Free Space | 52.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/12/17 09:21:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/13 22:02:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/04/17 16:15:10 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/01 16:03:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{BC109875-E2C2-4897-AAC3-753DC03B2DAF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BHR"=C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe File not found
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nokipipiki"=Rundll32.exe "C:\WINDOWS\system32\telonapi.dll",s File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nokipipiki"=Rundll32.exe "C:\WINDOWS\system32\telonapi.dll",s File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Wilson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
"History"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=0
"History"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoToolbarCustomize"=0
"NoFileMenu"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoBandCustomize"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoToolbarCustomize"=0
"NoFileMenu"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoBandCustomize"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab -- QuickTime Object
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1199302321453 -- MUCatalogWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1229495589656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{7FFF62B2-ABE6-4249-B1D3-C549C60E9540} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\wivanowo.dll fbbyrb.dll rcwpib.dll xdgdcj.dll bfwpxs.dll vqeaxw.dll ucsxka.dll epvdzq.dll zvsjip.dll bmlzhi.dll ilhxtg.dll yjptmd.dll
>File not found -- C:\WINDOWS\system32\wivanowo.dll
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
tuvUmLET: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
yayvSjji: "DllName" = yayvSjji.dll -- File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\urqOHXOg,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[2006/05/16 12:25:11 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () -- F:\Autorun.inf -- [ FAT32 ]
========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\AutoRun\command]
""=G:\rcaeasyrip_setup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\install\command]
""=G:\rcaeasyrip_setup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualEnglish\command]
""=G:\rcaeasyrip_setup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualFrench\command]
""=G:\rcaeasyrip_setup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualSpanish\command]
""=G:\rcaeasyrip_setup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\Info.exe -- [2002/09/10 22:54:58 | 00,040,960 | -HS- | M] (XSS)

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/28 19:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\DellSupport
[2008/12/28 17:22:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/28 17:22:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/28 17:22:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/28 17:22:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/28 17:20:01 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wilson\Desktop\mbam-setup.exe
[2008/12/27 15:35:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/24 15:33:44 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\yktoroxi.ini
[2008/12/23 14:42:08 | 01,603,458 | -HS- | C] () -- C:\WINDOWS\System32\esemihum.ini
[2008/12/22 15:10:28 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\opiveyun.ini
[2008/12/21 17:51:57 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 17:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/12/21 17:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2008/12/21 17:16:19 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\qdsmxpsi.ini
[2008/12/21 02:40:14 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\epayoham.ini
[2008/12/20 14:42:19 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\iferewep.ini
[2008/12/19 14:44:52 | 01,661,209 | -HS- | C] () -- C:\WINDOWS\System32\nuyoyfge.ini
[2008/12/19 14:40:27 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\uvikutas.ini
[2008/12/17 20:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\McAfee
[2008/12/17 20:53:13 | 01,661,900 | -HS- | C] () -- C:\WINDOWS\System32\vuwrratq.ini
[2008/12/17 20:39:25 | 00,908,466 | -HS- | C] () -- C:\WINDOWS\System32\gOXHOqru.ini2
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Malwarebytes
[2008/12/17 09:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/17 01:38:22 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/17 01:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\InstallShield
[2008/12/16 23:22:36 | 00,020,689 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | C] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:44:16 | 00,019,239 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/16 20:30:27 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\RSIT.exe
[2008/12/16 20:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Uniblue
[2008/12/16 20:08:25 | 00,368,859 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dds.scr
[2008/12/16 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\AdobeUM
[2008/12/15 19:38:35 | 00,015,730 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:45:14 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/15 18:45:14 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/15 18:39:12 | 00,036,967 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:35 | 00,019,053 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
[2008/12/15 18:01:10 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 17:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/15 17:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/12/15 17:27:08 | 00,000,000 | ---D | C] -- C:\Dell720
[2008/12/04 14:06:51 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/12/04 13:45:31 | 01,195,686 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:30:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/04 13:25:12 | 00,000,583 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 13:21:11 | 00,158,720 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/04 12:46:56 | 00,908,466 | -HS- | C] () -- C:\WINDOWS\System32\gOXHOqru.ini
[2008/12/04 10:21:20 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clb.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clb.dll
[2008/12/04 00:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\FreeFixer
[2008/12/03 23:34:02 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/03 18:20:59 | 00,153,489 | ---- | C] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\{B4151342-AE5B-49AB-B574-3BB9B3A96AC1}
[2008/12/03 17:16:21 | 00,141,824 | ---- | C] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/03 17:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\uv9
[2008/12/03 17:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dv
[2008/12/03 17:12:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ki3
[2008/12/03 17:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\VC
[2008/12/03 17:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bin
[2008/12/03 17:03:49 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\wwffhigt.job
[2008/12/02 16:52:06 | 00,006,009 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:47 | 00,004,912 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/28 19:09:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/28 19:08:43 | 00,017,893 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/12/28 19:07:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/28 19:07:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 19:07:04 | 80,326,2464 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/28 19:05:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/28 19:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\wwffhigt.job
[2008/12/28 17:22:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/28 17:20:03 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wilson\Desktop\mbam-setup.exe
[2008/12/28 17:13:17 | 00,000,642 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/25 17:52:36 | 00,063,042 | -HS- | M] () -- C:\WINDOWS\System32\wukanipo.dll
[2008/12/25 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/24 18:27:28 | 00,908,466 | -HS- | M] () -- C:\WINDOWS\System32\gOXHOqru.ini
[2008/12/24 18:27:22 | 00,908,466 | -HS- | M] () -- C:\WINDOWS\System32\gOXHOqru.ini2
[2008/12/24 15:33:55 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\yktoroxi.ini
[2008/12/23 18:35:52 | 01,603,458 | -HS- | M] () -- C:\WINDOWS\System32\esemihum.ini
[2008/12/23 14:41:39 | 00,063,094 | -HS- | M] () -- C:\WINDOWS\System32\miwahone.dll
[2008/12/22 20:04:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/22 15:10:33 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\opiveyun.ini
[2008/12/22 03:13:40 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/22 02:41:33 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\qdsmxpsi.ini
[2008/12/21 17:51:58 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 02:40:25 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\epayoham.ini
[2008/12/20 14:42:26 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\iferewep.ini
[2008/12/19 14:45:04 | 01,661,209 | -HS- | M] () -- C:\WINDOWS\System32\nuyoyfge.ini
[2008/12/19 14:40:55 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\uvikutas.ini
[2008/12/17 20:53:33 | 01,661,900 | -HS- | M] () -- C:\WINDOWS\System32\vuwrratq.ini
[2008/12/17 20:36:49 | 00,000,421 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/17 14:22:15 | 00,020,220 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:13:48 | 01,615,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 01:41:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/16 23:28:01 | 00,020,689 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:18 | 00,019,239 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | M] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:30:27 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\RSIT.exe
[2008/12/16 20:08:26 | 00,368,859 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dds.scr
[2008/12/16 13:45:35 | 00,015,730 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 21:52:53 | 00,066,848 | -HS- | M] (ABBYY (BIT Software)) -- C:\WINDOWS\System32\nejopoyi.dll
[2008/12/15 18:45:32 | 00,101,184 | ---- | M] () -- C:\Documents and Settings\Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/15 18:45:14 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/15 18:39:15 | 00,036,967 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:36 | 00,019,053 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:01:10 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 01:13:38 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/04 13:47:06 | 01,195,686 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:38:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:25:13 | 00,000,583 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/04 10:50:51 | 00,425,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 10:50:51 | 00,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 10:50:49 | 00,506,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 10:21:21 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/03 23:26:13 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 23:26:13 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/03 23:26:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 18:21:00 | 00,153,489 | ---- | M] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:22 | 00,141,824 | ---- | M] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/02 16:52:06 | 00,006,009 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:48 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf
< End of report >


OTViewIt Extras logfile created on: 12/28/2008 7:21:28 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 335.82 Mb Available Physical Memory | 43.84% Memory free
1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.70 Gb Free Space | 52.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\1147562001\ee\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\Common Files\AOL\1147562001\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.8.4.4878-enUS-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\CVUX4HMB\Arathi_Basin_new_EG-downloader[1].exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Local Settings\Temporary Internet Files\Content.IE5\2HCNI5QZ\Zul'Gurub_English-downloader[1].exe:*:Disabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Wilson\Desktop\Nefarian_EG-downloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Disabled:fpupdate
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM
[2008/04/13 19:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:explorer
[2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}"=Canon CanoScan Toolbox 4.5
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip"=7-Zip 4.44 beta
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Photo Printer 720"=Dell Photo Printer 720
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Adapters and Drivers
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2008 7:30:14 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
unknown, version 0.0.0.0, fault address 0x04302433.

Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/24/2008 9:51:25 PM | Computer Name = BIGRED | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/25/2008 7:00:47 AM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:37:58 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:43:01 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:42 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 28, 2008 19:57:37
Records in database: 1525514
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 121906
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:02:38


File name / Threat name / Threats count
C:\WINDOWS\system32\g80.exe Infected: Trojan-Clicker.Win32.Agent.buk 1

The selected area was scanned.



Malwarebytes' Anti-Malware 1.31
Database version: 1563
Windows 5.1.2600 Service Pack 3

12/28/2008 7:04:02 PM
mbam-log-2008-12-28 (19-04-02).txt

Scan type: Quick Scan
Objects scanned: 51605
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\biyedepu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\batimeyu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tobirugo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\sokofosu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aaddbd5a-509e-44d7-b930-9142f8e2186f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{aaddbd5a-509e-44d7-b930-9142f8e2186f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aaddbd5a-509e-44d7-b930-9142f8e2186f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nokipipiki (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm8f7c9f82 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5bnj0ev57 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\biyedepu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\biyedepu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\biyedepu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\yabafoga.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\yabafoga.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\batimeyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uyemitab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoyaguya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayugayoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoziroki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikorizoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hozopebe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebepozoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kawarezu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uzerawak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pahekuve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evukehap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\subalavi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivalabus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapibugi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igubipat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teyudasa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asaduyet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winusime.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emisuniw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telonapi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tobirugo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\biyedepu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\sokofosu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Flakazohe.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\logapoyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gelapele.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kunozisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neletato.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\borazufu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujewipe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujobila.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lagesapu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lagoguze.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yijefaze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yikujode.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuwehosu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zefehewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\bflkwx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.


thanks again
sagasha
mysterious dust from space
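As an added example (not code from this thread, from Malwarebytes or from the helpers), here is a small Python parser for MBAM log lines in the format posted above. It classifies each finding by the persistence location it lives in and shows which "Delete on reboot" files are named in loader values such as AppInit_DLLs and LSA Notification Packages, which is why they are still loaded and keep coming back. The sample log is constructed from entries in the posted log; the mechanism table and all function names are my own.

```python
"""Parse MBAM removal-log lines and summarise persistence mechanisms and
items that were still live (scheduled for deletion on reboot)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the MBAM log format shown in this thread; paths and
# detection names are copied from the log posted above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nokipipiki (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\biyedepu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\biyedepu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\yabafoga.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\biyedepu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uyemitab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yabafoga.dll (Trojan.Vundo) -> Delete on reboot.
C:\bflkwx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# One finding per line: "<key or path> (<Family>) [-> <detail>] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()\s]+)\)"  # key/path, then (Family)
    r"(?: -> (?P<detail>.+?))?"                    # optional "Data: ..." / "Bad: ... Good: ..."
    r" -> (?P<status>[^>]+?)\.$"                   # final action taken by MBAM
)

# Hypothetical mechanism table (my own): substring of the key -> short label.
MECHANISMS = [
    (r"\appinit_dlls", "AppInit_DLLs"),                 # loaded into every user32 process
    (r"\lsa\notification packages", "LSA Notification Packages"),  # loaded by lsass at boot
    (r"\sharedtaskscheduler\\", "SharedTaskScheduler"),  # COM object loaded by Explorer
    (r"\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad"),
    (r"\currentversion\run\\", "Run key"),
    (r"\shell\open\command", "File association hijack"),
]


def classify(item: str) -> str:
    """Map a registry key or file path to the persistence mechanism it belongs to."""
    low = item.lower()
    for needle, name in MECHANISMS:
        if needle in low:
            return name
    return "Other registry" if low.startswith("hkey_") else "File"


@dataclass
class Entry:
    section: str
    item: str
    detection: str
    detail: Optional[str]
    status: str
    mechanism: str


def parse_mbam_log(text: str) -> List[Entry]:
    """Return one Entry per finding; section headers end with ':'."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:  # anything else is log header/footer text, not a finding
            entries.append(Entry(section, m["item"], m["detection"],
                                 m["detail"], m["status"], classify(m["item"])))
    return entries


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def loader_references(entries: List[Entry]) -> Dict[str, List[str]]:
    """DLL name -> mechanisms whose registry data names it (from 'Data:' lines)."""
    refs: Dict[str, List[str]] = {}
    for e in entries:
        if e.detail and e.detail.startswith("Data: "):
            refs.setdefault(basename(e.detail[len("Data: "):]), []).append(e.mechanism)
    return refs


def summarize(entries: List[Entry]) -> dict:
    """Counts per family and mechanism, plus files MBAM could not delete and why."""
    refs = loader_references(entries)
    locked = {basename(e.item): refs.get(basename(e.item), [])
              for e in entries if e.mechanism == "File" and e.status == "Delete on reboot"}
    return {
        "families": Counter(e.detection for e in entries),
        "mechanisms": Counter(e.mechanism for e in entries if e.mechanism != "File"),
        "pending_reboot": [e.item for e in entries if e.status == "Delete on reboot"],
        "locked_files": locked,  # a non-empty list means a loader still references the DLL
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```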

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 PM

Posted 29 December 2008 - 08:37 PM

Hello again.

I am really sorry for this long delay. I wasn't feeling well yesterday after I came back from a location, so I didn't want to go on the web. I then had a cold, so I didn't want to go on. I know you were probably anxious to try to fix your machine, but please refrain from making any changes to your computer; this will get you the instructions faster, and we can get your machine cleaned faster as well. Once again, I'm very sorry for the delay.

You are still heavily infected with Vundo even after running MBAM. Please do not make any CHANGES from now on! This makes my life and yours more difficult.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Next we will run Combofix.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
-Combofix log
-New OTViewIT logs
-Problems you have currently.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:Detroit, MI
  • Local time:03:20 PM

Posted 30 December 2008 - 01:40 AM

extremeboy, here are the txt files you requested. Still getting weird popups, and Spybot keeps finding and deleting the Vundo files you mentioned. They always reappear though.


ComboFix 08-12-29.02 - Wilson 2008-12-30 1:26:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1621 [GMT -5:00]
Running from: c:\documents and settings\Wilson\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\491\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\491\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\491\atwbxui5.dll
c:\windows\Downloaded Program Files\MyWebEx\491\ieatgpc.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\491\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\491\mwmHook.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\mwmtrace.txt
c:\windows\Downloaded Program Files\MyWebEx\491\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\491\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\491\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\491\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\491\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\491\webexmgr.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\bin
c:\windows\system32\bowowoji.dll
c:\windows\system32\dutesora.dll
c:\windows\system32\dv
c:\windows\system32\dv\BPI7C44.exe
c:\windows\system32\ki3
c:\windows\system32\miwahone.dll
c:\windows\system32\nejopoyi.dll
c:\windows\system32\uv9
c:\windows\system32\VC
c:\windows\system32\wukanipo.dll
c:\windows\Tasks\wwffhigt.job
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-30 01:13 . 2008-12-30 01:13 <DIR> d-------- c:\windows\LastGood
2008-12-30 01:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-30 01:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-30 00:45 . 2008-12-30 00:46 <DIR> d-------- c:\windows\system32\Adobe
2008-12-29 16:36 . 2008-12-29 16:36 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 16:36 . 2008-12-29 16:36 1,409 --a------ c:\windows\QTFont.for
2008-12-28 19:18 . 2008-12-28 19:18 <DIR> d-------- c:\program files\DellSupport
2008-12-28 19:05 . 2008-12-28 19:05 <DIR> d-------- c:\documents and settings\LocalService\Application Data\McAfee
2008-12-28 17:22 . 2008-12-28 17:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:22 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:22 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 17:50 . 2008-12-21 21:37 <DIR> d-------- c:\program files\World of Warcraft Trial
2008-12-21 17:50 . 2008-12-21 17:50 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-17 20:55 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\Wilson\Application Data\McAfee
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Malwarebytes
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 09:22 . 2008-12-17 09:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-17 01:28 . 2008-12-17 01:28 <DIR> d-------- c:\documents and settings\Wilson\Application Data\InstallShield
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- C:\rsit
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- c:\program files\trend micro
2008-12-16 20:13 . 2008-12-16 20:13 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Uniblue
2008-12-16 14:21 . 2008-12-16 14:21 <DIR> d-------- c:\documents and settings\Wilson\Application Data\AdobeUM
2008-12-15 18:03 . 2008-12-15 18:03 <DIR> d-------- c:\documents and settings\Wilson\Application Data\OpenOffice.org
2008-12-15 17:57 . 2008-12-15 17:57 <DIR> d-------- c:\program files\JRE
2008-12-15 17:56 . 2008-12-15 17:56 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-15 17:28 . 2008-12-15 17:28 <DIR> d-------- c:\program files\Dell 720
2008-12-15 17:28 . 2004-03-04 11:30 311,296 --a------ c:\windows\system32\LEXBCES.EXE
2008-12-15 17:28 . 2004-03-04 11:25 201,216 --a------ c:\windows\system32\LEXP2P32.DLL
2008-12-15 17:28 . 2004-03-04 11:34 197,120 --a------ c:\windows\system32\LEX2KUSB.DLL
2008-12-15 17:28 . 2003-03-26 14:29 192,512 --a------ c:\windows\system32\lexlmpm.dll
2008-12-15 17:28 . 2004-03-04 11:26 174,592 --a------ c:\windows\system32\LEXPPS.EXE
2008-12-15 17:28 . 2004-03-04 11:27 147,456 --a------ c:\windows\system32\LEXBCE.DLL
2008-12-15 17:28 . 2004-05-27 05:06 73,728 --a------ c:\windows\system32\dlbcpwr.dll
2008-12-15 17:28 . 2004-05-27 05:25 57,344 --a------ c:\windows\system32\dlbccinf.dll
2008-12-15 17:28 . 2004-05-27 05:25 49,152 --a------ c:\windows\system32\dlbccoin.dll
2008-12-15 17:28 . 2002-11-13 15:40 40,960 --a------ c:\windows\system32\dlbcvs.dll
2008-12-15 17:28 . 2004-02-10 15:08 373 --a------ c:\windows\system32\dlbccoin.ini
2008-12-15 17:27 . 2008-12-15 17:27 <DIR> d-------- C:\Dell720
2008-12-04 14:06 . 2004-03-09 13:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-12-04 13:30 . 2008-12-04 13:30 <DIR> d-------- c:\program files\CCleaner
2008-12-04 13:25 . 2008-12-04 13:25 583 --a------ c:\windows\RegGenie.ini
2008-12-04 13:21 . 2008-11-27 04:35 158,720 --a------ c:\windows\RegGenieOnUninstall.exe
2008-12-04 10:21 . 2008-12-04 10:21 132,608 --a------ c:\windows\ucigenoguqutoqih.dll
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\dllcache\clb.dll
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\clb.dll
2008-12-03 18:20 . 2008-12-03 18:21 153,489 --a------ c:\windows\system32\g80.exe
2008-12-03 17:16 . 2008-12-03 17:16 141,824 --a------ c:\windows\ohepiriq.dll
2008-11-12 17:49 . 2008-11-12 17:49 26,427 --a------ c:\windows\CSTBox.INI
2008-11-12 14:08 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:07 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 00:18 --------- d-----w c:\program files\Dell
2008-12-28 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-28 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 01:52 --------- d-----w c:\documents and settings\Wilson\Application Data\TweakNow WinSecret
2008-12-17 14:21 --------- d-----w c:\program files\Java
2008-12-17 06:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 06:29 --------- d-----w c:\program files\CyberLink
2008-12-12 01:06 --------- d-----w c:\documents and settings\Wilson\Application Data\Apple Computer
2008-12-04 04:40 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-24 21:49 --------- d-----w c:\documents and settings\Wilson\Application Data\Sony
2008-11-24 21:27 --------- d-----w c:\program files\Sony
2008-11-24 21:26 --------- d-----w c:\program files\Sony Setup
2008-11-15 21:45 --------- d-----w c:\documents and settings\Wilson\Application Data\Canon
2008-11-13 18:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 07:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 22:52 63,042 --sha-w c:\windows\system32\sayiwido.dll.tmp
2008-09-25 22:52 63,042 --sha-w c:\windows\system32\riyijuvu.dll.tmp
2008-09-25 22:52 63,042 --sha-w c:\windows\system32\kafawagi.dll.tmp
2008-09-25 22:52 6,144 --sha-w c:\windows\system32\kiganopo.dll
2008-09-23 19:41 63,094 --sha-w c:\windows\system32\wemupovi.dll.tmp
2008-09-23 19:41 63,094 --sha-w c:\windows\system32\vehujega.dll.tmp
2008-09-23 19:41 63,094 --sha-w c:\windows\system32\vatafuvu.dll.tmp
2008-09-16 02:53 66,848 --sha-w c:\windows\system32\widinole.dll.tmp
2008-09-16 02:53 66,848 --sha-w c:\windows\system32\hotomoho.dll.tmp
2008-09-16 02:53 66,848 --sha-w c:\windows\system32\guvumuso.dll.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 00:59 63,488 --sha-w c:\windows\system32\dapapifu.dll.tmp
2008-09-04 00:58 63,488 --sha-w c:\windows\system32\miluyeso.dll.tmp
2008-09-04 00:58 63,488 --sha-w c:\windows\system32\bipesaga.dll.tmp
2008-07-07 14:48 2 --shatr c:\windows\winstart.bat
2008-09-25 22:52 6,144 --sha-w c:\windows\system32\kiganopo.dll
2008-08-31 16:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

c:\documents and settings\Wilson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk.disabled]
backup=c:\windows\pss\Microsoft Find Fast.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk.disabled]
backup=c:\windows\pss\Office Startup.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Deewoo.lnk]
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^DW_Start.lnk]
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2006-01-06 14:07 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
--a------ 2008-12-03 17:16 141824 c:\windows\ohepiriq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 15:53 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S1 diskdumpp;diskdumpp;c:\windows\system32\drivers\diskdumpp.sys []
S1 mutohpenn;mutohpenn;c:\windows\system32\drivers\mutohpenn.sys []
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BC109875-E2C2-4897-AAC3-753DC03B2DAF} - (no file)
WebBrowser-{DB8A7D4C-6982-435E-8FF2-5BF0076BE290} - (no file)
Notify-!SASWinLogon - (no file)
Notify-tuvUmLET - (no file)
Notify-yayvSjji - yayvSjji.dll
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-HPHmon04 - c:\windows\system32\hphmon04.exe
MSConfigStartUp-Mvugocopolog - c:\windows\Flakazohe.dll
MSConfigStartUp-nokipipiki - c:\windows\system32\wivanowo.dll
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\googletoolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\googletoolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\googletoolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\googletoolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\googletoolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\googletoolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 01:29:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-30 1:31:11
ComboFix-quarantined-files.txt 2008-12-30 06:30:23

Pre-Run: 17,563,766,784 bytes free
Post-Run: 17,548,873,728 bytes free

329 --- E O F --- 2008-11-13 08:05:15




OTViewIt logfile created on: 12/30/2008 1:33:35 AM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
2.97 Gb Paging File | 2.60 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 16.36 Gb Free Space | 48.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/12/17 09:21:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/13 22:02:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/04/17 16:15:10 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/01 16:03:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{BC109875-E2C2-4897-AAC3-753DC03B2DAF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Wilson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab -- QuickTime Object
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1199302321453 -- MUCatalogWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1229495589656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{7FFF62B2-ABE6-4249-B1D3-C549C60E9540} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
tuvUmLET: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
yayvSjji: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[2006/05/16 12:25:11 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- E:\autorun.inf -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\AutoRun\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\install\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualEnglish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualFrench\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualSpanish\command]
""=G:\rcaeasyrip_setup.exe -- File not found



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\Info.exe -- [2002/09/10 22:54:58 | 00,040,960 | -HS- | M] (XSS)

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/30 01:13:31 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/30 01:13:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/30 01:13:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/12/30 01:04:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/30 01:04:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/30 01:04:18 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/30 00:51:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/30 00:51:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/30 00:51:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/30 00:51:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/30 00:51:10 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/30 00:51:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/30 00:51:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/30 00:51:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/30 00:51:10 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/30 00:50:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/30 00:50:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/30 00:47:43 | 02,887,980 | R--- | C] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2008/12/30 00:45:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/12/30 00:41:41 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/29 16:36:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/29 16:36:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/28 19:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\DellSupport
[2008/12/28 17:22:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/28 17:22:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/28 17:22:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/28 17:22:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/27 15:35:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/21 17:51:57 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 17:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/12/21 17:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2008/12/17 20:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\McAfee
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Malwarebytes
[2008/12/17 09:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/17 01:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\InstallShield
[2008/12/16 23:22:36 | 00,020,689 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | C] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:44:16 | 00,019,239 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/16 20:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Uniblue
[2008/12/16 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\AdobeUM
[2008/12/15 19:38:35 | 00,015,730 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:39:12 | 00,036,967 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:35 | 00,019,053 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
[2008/12/15 18:01:10 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 17:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/15 17:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/12/15 17:27:08 | 00,000,000 | ---D | C] -- C:\Dell720
[2008/12/04 14:06:51 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/12/04 13:45:31 | 01,195,686 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:30:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/04 13:25:12 | 00,000,583 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 13:21:11 | 00,158,720 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/04 10:21:20 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clb.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clb.dll
[2008/12/04 00:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\FreeFixer
[2008/12/03 23:34:02 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/03 18:20:59 | 00,153,489 | ---- | C] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\{B4151342-AE5B-49AB-B574-3BB9B3A96AC1}
[2008/12/03 17:16:21 | 00,141,824 | ---- | C] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/02 16:52:06 | 00,006,009 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:47 | 00,004,912 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2008/12/30 01:31:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/30 01:29:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/30 01:24:32 | 00,018,195 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/12/30 01:12:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/30 01:09:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/30 01:09:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/30 01:09:14 | 21,454,39744 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/30 01:04:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/30 00:47:46 | 02,887,980 | R--- | M] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2008/12/29 16:36:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/29 16:36:21 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/29 16:19:39 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/29 16:19:39 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/29 13:39:16 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/28 19:05:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/28 17:22:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/28 17:13:17 | 00,000,642 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/25 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/21 17:51:58 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/17 20:36:49 | 00,000,421 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/17 14:22:15 | 00,020,220 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:13:48 | 01,615,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/16 23:28:01 | 00,020,689 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:18 | 00,019,239 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | M] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 13:45:35 | 00,015,730 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:45:32 | 00,101,184 | ---- | M] () -- C:\Documents and Settings\Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/15 18:39:15 | 00,036,967 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:36 | 00,019,053 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:01:10 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 01:13:38 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/04 13:47:06 | 01,195,686 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:38:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:25:13 | 00,000,583 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/04 10:50:51 | 00,425,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 10:50:51 | 00,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 10:50:49 | 00,506,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 10:21:21 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 18:21:00 | 00,153,489 | ---- | M] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:22 | 00,141,824 | ---- | M] () -- C:\WINDOWS\ohepiriq.dll
[2008/12/02 16:52:06 | 00,006,009 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\repell_004.swf
[2008/12/02 16:51:34 | 00,007,449 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_004.swf
[2008/12/02 16:50:48 | 00,007,464 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_005.swf
[2008/12/02 16:48:23 | 00,009,465 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\animateIn_03.swf
[2008/12/02 16:45:34 | 00,004,099 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_09.swf
[2008/12/02 16:42:04 | 00,005,159 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\test_002.swf
[2008/12/02 16:39:48 | 00,004,912 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\dinglePointclass_12.swf
< End of report >



OTViewIt Extras logfile created on: 12/30/2008 1:33:35 AM - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.16% Memory free
2.97 Gb Paging File | 2.60 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 16.36 Gb Free Space | 48.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth
[2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}"=Canon CanoScan Toolbox 4.5
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip"=7-Zip 4.44 beta
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Photo Printer 720"=Dell Photo Printer 720
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Adapters and Drivers
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/24/2008 9:51:25 PM | Computer Name = BIGRED | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/25/2008 7:00:47 AM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:37:58 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:43:01 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2008 4:01:50 AM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qcconsol.exe, version 8.1.106.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00019c0f.

[ System Events ]
Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:42 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/29/2008 3:18:19 PM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/29/2008 3:22:46 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 3:43:35 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 3:46:39 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 5:19:25 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 5:26:24 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/30/2008 1:50:00 AM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/30/2008 2:10:19 AM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.


< End of report >


I hope this helps and thank you for your support.

P.S. I hope your virus clears up and you are feeling better :thumbsup:
sagasha
mysterious dust from space

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 31 December 2008 - 04:53 PM

Hello Sagasha.

Once again I'm sorry for the delay.

I see you ran Combofix twice; I will need to see the previous run to see what Combofix took out.

To locate the other Combofix log, navigate to C:\Qoobox\Combofix2.txt <- post back with this log.

I still see many other files that we need to take care of. Please post the logs when you are ready. Next post we will begin to get rid of those files/folders/registry items etc.

Post back with:
-Combofix2.txt

I'll review it once it comes in.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Detroit, MI

Posted 31 December 2008 - 09:51 PM

Sorry if I f***ked things up again. I don't see Combofix2.txt. I ran Combofix twice because it quit in the middle of the first run when McAfee started running a scan. I completely disabled McAfee and Spybot TeaTimer and reran Combofix and those were the results posted (C:\ComboFix.txt). There are two .txt files in C:\Qoobox\ and they are listed as:

1. ComboFix-quarantined-files.txt
2. Add-Remove Programs.txt

I have posted them below:


ComboFix-quarantined-files.txt

2007-02-14 16:30:50 A------- 144 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\setup.inf.vir
2007-11-09 17:54:31 A------- 202,830 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atasnt40.dll.vir
2007-11-09 17:54:32 A------- 65,536 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atnetext.dll.vir
2007-11-09 17:54:32 A------- 65,536 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\wbxcrypt.dll.vir
2007-11-09 17:54:32 A------- 120,398 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atdl2006.dll.vir
2007-11-09 17:54:33 A------- 126,976 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\attp.dll.vir
2007-11-09 17:54:34 A------- 24,576 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atmemmgr.dll.vir
2007-11-09 17:54:34 A------- 49,152 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atcarmcl.dll.vir
2007-11-09 17:54:34 A------- 233,472 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atarm.dll.vir
2007-11-09 17:54:35 A------- 5,709 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atkbctl.dll.vir
2007-11-09 17:54:35 A------- 110,592 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\uilibres.dll.vir
2007-11-09 17:54:36 A------- 159,744 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atlchat.dll.vir
2007-11-09 17:54:37 A------- 23,113 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atpack.dll.vir
2007-11-09 17:54:37 A------- 81,408 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atjpeg60.dll.vir
2007-11-09 17:54:38 A------- 61,518 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atasanot.exe.vir
2007-11-09 17:54:39 A------- 141,388 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atas32.dll.vir
2007-11-09 17:54:40 A------- 36,864 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\raurl.dll.vir
2007-11-09 17:54:40 A------- 404,046 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atasctrl.dll.vir
2007-11-09 17:54:42 A------- 1,957,888 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmres.dll.vir
2007-11-09 17:54:44 A------- 368,640 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\webexmgr.dll.vir
2007-11-09 17:54:46 A------- 1,810,432 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atres.dll.vir
2007-11-09 17:54:47 A------- 315,392 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\atwbxui5.dll.vir
2007-11-09 17:54:48 A------- 28,672 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\ratrace.dll.vir
2007-11-09 17:54:48 A------- 128,592 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmupd.exe.vir
2007-11-09 17:54:49 A------- 98,304 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmcliun.exe.vir
2007-11-09 17:54:50 A------- 36,864 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmHook.dll.vir
2007-11-09 17:54:50 A------- 90,112 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmproxy.dll.vir
2007-11-09 17:54:53 A------- 113 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwm.ini.vir
2007-11-09 17:54:53 A------- 1,313 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\mwmtrace.txt.vir
2007-11-09 17:54:53 A------- 88,141 C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\MyWebEx\491\ieatgpc.dll.vir
2008-09-03 19:59:03 A------- 63,488 C:\Qoobox\Quarantine\C\WINDOWS\system32\dutesora.dll.vir
2008-09-03 19:59:04 A------- 63,488 C:\Qoobox\Quarantine\C\WINDOWS\system32\bowowoji.dll.vir
2008-09-15 21:52:52 A------- 66,848 C:\Qoobox\Quarantine\C\WINDOWS\system32\nejopoyi.dll.vir
2008-09-23 14:41:38 A------- 63,094 C:\Qoobox\Quarantine\C\WINDOWS\system32\miwahone.dll.vir
2008-09-25 17:52:36 A------- 63,042 C:\Qoobox\Quarantine\C\WINDOWS\system32\wukanipo.dll.vir
2008-12-03 01:21:16 A------- 192,121 C:\Qoobox\Quarantine\C\WINDOWS\system32\dv\BPI7C44.exe.vir
2008-12-03 17:03:49 A------- 296 C:\Qoobox\Quarantine\C\WINDOWS\Tasks\wwffhigt.job.vir
2008-12-03 17:12:34 A------- 1,858 C:\Qoobox\Quarantine\C\temp\DIV55\xDb.log.vir
2008-12-30 00:50:54 A------- 166 C:\Qoobox\Quarantine\catchme.log
2008-12-30 01:07:30 A------- 6,731 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-12-30 01:07:42 A------- 1,054 C:\Qoobox\Quarantine\Registry_backups\Legacy_CLBDRIVER.reg.dat
2008-12-30 01:29:57 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{BC109875-E2C2-4897-AAC3-753DC03B2DAF}.reg.dat
2008-12-30 01:29:58 A------- 0 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}.reg.dat
2008-12-30 01:30:07 A------- 270 C:\Qoobox\Quarantine\Registry_backups\Notify-tuvUmLET.reg.dat
2008-12-30 01:30:07 A------- 278 C:\Qoobox\Quarantine\Registry_backups\Notify-!SASWinLogon.reg.dat
2008-12-30 01:30:07 A------- 498 C:\Qoobox\Quarantine\Registry_backups\Notify-yayvSjji.reg.dat
2008-12-30 01:30:10 A------- 572 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HPHmon04.reg.dat
2008-12-30 01:30:10 A------- 602 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Mvugocopolog.reg.dat
2008-12-30 01:30:10 A------- 614 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-nokipipiki.reg.dat
2008-12-30 01:30:10 A------- 628 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TomTomHOME.reg.dat
2008-12-30 01:30:10 A------- 632 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DVDLauncher.reg.dat


Add-Remove Programs.txt

7-Zip 4.44 beta
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.7
Adobe Shockwave Player 11
AOLIcon
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Canon CanoScan Toolbox 4.5
CCleaner (remove only)
Dell Driver Reset Tool
Dell Photo Printer 720
Dell System Restore
DellSupport
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Last.fm 1.5.1.29527
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Network Magic
NVIDIA Drivers
OpenOffice.org 3.0
Pure Networks Platform
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sony ACID XPress 5.0a
Spybot - Search & Destroy
TweakNow RegCleaner Standard
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft Trial

Also, during McAfee's scan it removed some infected stuff... so I imagine the first Combofix Log is probably different than the one posted.
I do know how to disable McAfee and Spybot now, so if you need me to repeat the steps I would be happy to.
Sorry. I told you I was a newbie at this but I've had this machine running almost nonstop for years and NEVER had a problem. SIGH. Whatever it takes I'll do it.

thanks
sagasha
mysterious dust from space

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 02 January 2009 - 11:37 AM

Hello again.

It's okay... I can still see most of the previous deletions. The Combofix is outdated; we need to download a fresh copy, the updated version.

Uninstall ComboFix

Remove Combofix now that we're going to download a newer version.
  • Click on your Start Menu, then Run...
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
Uninstalling ComboFix removes all components related to it.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
-Combofix log (RUN IT ONLY ONCE PLEASE)
-New OTViewIt logs


With Regards,
Extremeboy

Edited by extremeboy, 02 January 2009 - 11:37 AM.

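The ComboFix log this post asks for is what the helper then reads by eye. As an added example (not code from this thread or from ComboFix), here is a Python triage script that applies the same first-pass checks to ComboFix's "Files Created", Find3M and "Reg Loading Points" line formats: hidden+system attributes, executables dropped straight into c:\windows, random-looking names, msconfig startup entries that point at such files, and Security Center notifications turned off. The sample lines are constructed from the formats shown in this thread; the name heuristic and its thresholds are this example's own assumptions.

```python
r"""Triage of ComboFix-style log lines (added example, not ComboFix's own code).
Applies the checks a helper makes by eye over the "Files Created", "Find3M" and
"Reg Loading Points" formats; thresholds are this example's own assumptions."""
import re

# Constructed sample in ComboFix's line formats: the Vundo-style names quoted in
# this thread (ohepiriq, kiganopo, ...) next to known-good Windows files. Not a real log.
SAMPLE_LOG = r"""
2008-12-30 01:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-04 10:21 . 2008-12-04 10:21 132,608 --a------ c:\windows\ucigenoguqutoqih.dll
2008-12-03 17:16 . 2008-12-03 17:16 141,824 --a------ c:\windows\ohepiriq.dll
2008-12-03 18:20 . 2008-12-03 18:21 153,489 --a------ c:\windows\system32\g80.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-09-25 22:52 6,144 --sha-w c:\windows\system32\kiganopo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
--a------ 2008-12-03 17:16 141824 c:\windows\ohepiriq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

WINDIR = r"c:\windows"
# "Files Created" lines carry "created . modified"; Find3M lines carry one stamp.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>[\d,]+|-{9}|<DIR>) (?P<attrs>[-a-z]{7,9}) (?P<path>.+)$")
STARTUP_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
STARTUP_TARGET = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (?P<path>.+)$")
SECCENTER_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\]$", re.I)
DISABLE_NOTIFY = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:0*1$')


def looks_random(name: str) -> bool:
    """Crude generator-name test: 8+ letters only, with the roughly even vowel mix
    of the Vundo names in this thread; vendor names usually carry digits or spaces."""
    if len(name) < 8 or not name.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return 0.35 <= vowels / len(name) <= 0.65


def file_finding(line: str):
    """Return (path, reasons) for a suspicious file line, else None."""
    m = FILE_LINE.match(line)
    if not m or m["attrs"].startswith("d"):  # directories are not scored
        return None
    path = m["path"].lower()
    dirname, _, filename = path.rpartition("\\")
    stem, dot, ext = filename.rpartition(".")
    if not dot:
        stem, ext = filename, ""
    reasons = []
    if "s" in m["attrs"] and "h" in m["attrs"]:
        reasons.append("hidden+system attributes")
    if dirname == WINDIR and ext in ("dll", "exe"):
        reasons.append("executable dropped directly in %windir%")
    if looks_random(stem):
        reasons.append("random-looking name")
    return (path, "; ".join(reasons)) if reasons else None


def triage(log_text: str):
    """Walk a log and collect (item, reason) pairs worth a helper's attention."""
    findings, pending_startup, in_security_center = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = STARTUP_KEY.match(line)
        if key:  # the next line names the file this startup entry launches
            pending_startup, in_security_center = key["name"], False
            continue
        if pending_startup:
            name, pending_startup = pending_startup, None
            tgt = STARTUP_TARGET.match(line)
            if tgt:
                path = tgt["path"].lower()
                dirname, _, filename = path.rpartition("\\")
                if looks_random(name) or dirname == WINDIR or filename.endswith(".dll"):
                    findings.append((f"startupreg\\{name} -> {path}", "startup entry: random name or %windir%-root/DLL target"))
                continue
        if line.startswith("["):  # any other registry key: only Security Center values are scored
            in_security_center = bool(SECCENTER_KEY.match(line))
            continue
        if in_security_center:
            dn = DISABLE_NOTIFY.match(line)
            if dn:
                findings.append((dn["name"], "Security Center notification disabled"))
            continue
        fr = file_finding(line)
        if fr:
            findings.append(fr)
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason:55} {item}")
```

Hits are a reading aid for the log review, not a verdict; each flagged path still has to be checked against the rest of the log and the vendor's own file lists.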

#12 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Detroit, MI

Posted 02 January 2009 - 05:11 PM

Okey doke... here's the 3 files. I hope we can knock her out.

ComboFix 09-01-01.02 - Wilson 2009-01-02 17:03:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -5:00]
Running from: c:\documents and settings\Wilson\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-30 01:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-30 01:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-30 00:45 . 2008-12-30 00:46 <DIR> d-------- c:\windows\system32\Adobe
2008-12-29 16:36 . 2008-12-30 14:55 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 16:36 . 2008-12-30 14:55 1,409 --a------ c:\windows\QTFont.for
2008-12-28 19:18 . 2008-12-28 19:18 <DIR> d-------- c:\program files\DellSupport
2008-12-28 19:05 . 2008-12-28 19:05 <DIR> d-------- c:\documents and settings\LocalService\Application Data\McAfee
2008-12-28 17:22 . 2008-12-28 17:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:22 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:22 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 17:50 . 2008-12-21 21:37 <DIR> d-------- c:\program files\World of Warcraft Trial
2008-12-21 17:50 . 2008-12-21 17:50 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-17 20:55 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\Wilson\Application Data\McAfee
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Malwarebytes
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 09:22 . 2008-12-17 09:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-17 01:28 . 2008-12-17 01:28 <DIR> d-------- c:\documents and settings\Wilson\Application Data\InstallShield
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- C:\rsit
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- c:\program files\trend micro
2008-12-16 20:13 . 2008-12-16 20:13 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Uniblue
2008-12-16 14:21 . 2008-12-16 14:21 <DIR> d-------- c:\documents and settings\Wilson\Application Data\AdobeUM
2008-12-15 18:03 . 2008-12-15 18:03 <DIR> d-------- c:\documents and settings\Wilson\Application Data\OpenOffice.org
2008-12-15 17:57 . 2008-12-15 17:57 <DIR> d-------- c:\program files\JRE
2008-12-15 17:56 . 2008-12-15 17:56 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-15 17:28 . 2008-12-15 17:28 <DIR> d-------- c:\program files\Dell 720
2008-12-15 17:28 . 2004-03-04 11:30 311,296 --a------ c:\windows\system32\LEXBCES.EXE
2008-12-15 17:28 . 2004-03-04 11:25 201,216 --a------ c:\windows\system32\LEXP2P32.DLL
2008-12-15 17:28 . 2004-03-04 11:34 197,120 --a------ c:\windows\system32\LEX2KUSB.DLL
2008-12-15 17:28 . 2003-03-26 14:29 192,512 --a------ c:\windows\system32\lexlmpm.dll
2008-12-15 17:28 . 2004-03-04 11:26 174,592 --a------ c:\windows\system32\LEXPPS.EXE
2008-12-15 17:28 . 2004-03-04 11:27 147,456 --a------ c:\windows\system32\LEXBCE.DLL
2008-12-15 17:28 . 2004-05-27 05:06 73,728 --a------ c:\windows\system32\dlbcpwr.dll
2008-12-15 17:28 . 2004-05-27 05:25 57,344 --a------ c:\windows\system32\dlbccinf.dll
2008-12-15 17:28 . 2004-05-27 05:25 49,152 --a------ c:\windows\system32\dlbccoin.dll
2008-12-15 17:28 . 2002-11-13 15:40 40,960 --a------ c:\windows\system32\dlbcvs.dll
2008-12-15 17:28 . 2004-02-10 15:08 373 --a------ c:\windows\system32\dlbccoin.ini
2008-12-15 17:27 . 2008-12-15 17:27 <DIR> d-------- C:\Dell720
2008-12-04 14:06 . 2004-03-09 13:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-12-04 13:30 . 2008-12-04 13:30 <DIR> d-------- c:\program files\CCleaner
2008-12-04 13:25 . 2008-12-04 13:25 583 --a------ c:\windows\RegGenie.ini
2008-12-04 13:21 . 2008-11-27 04:35 158,720 --a------ c:\windows\RegGenieOnUninstall.exe
2008-12-04 10:21 . 2008-12-04 10:21 132,608 --a------ c:\windows\ucigenoguqutoqih.dll
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\dllcache\clb.dll
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\clb.dll
2008-12-03 18:20 . 2008-12-03 18:21 153,489 --a------ c:\windows\system32\g80.exe
2008-12-03 17:16 . 2008-12-03 17:16 141,824 --a------ c:\windows\ohepiriq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 00:18 --------- d-----w c:\program files\Dell
2008-12-28 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-28 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 01:52 --------- d-----w c:\documents and settings\Wilson\Application Data\TweakNow WinSecret
2008-12-17 14:21 --------- d-----w c:\program files\Java
2008-12-17 06:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 06:29 --------- d-----w c:\program files\CyberLink
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 01:06 --------- d-----w c:\documents and settings\Wilson\Application Data\Apple Computer
2008-12-04 04:40 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-24 21:49 --------- d-----w c:\documents and settings\Wilson\Application Data\Sony
2008-11-24 21:27 --------- d-----w c:\program files\Sony
2008-11-24 21:26 --------- d-----w c:\program files\Sony Setup
2008-11-15 21:45 --------- d-----w c:\documents and settings\Wilson\Application Data\Canon
2008-11-13 18:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-07-07 14:48 2 --shatr c:\windows\winstart.bat
2008-09-25 22:52 6,144 --sha-w c:\windows\system32\kiganopo.dll
2008-08-31 16:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]

c:\documents and settings\Wilson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk.disabled]
backup=c:\windows\pss\Microsoft Find Fast.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk.disabled]
backup=c:\windows\pss\Office Startup.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Deewoo.lnk]
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^DW_Start.lnk]
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2006-01-06 14:07 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
--a------ 2008-12-03 17:16 141824 c:\windows\ohepiriq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 15:53 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S1 diskdumpp;diskdumpp;c:\windows\system32\drivers\diskdumpp.sys []
S1 mutohpenn;mutohpenn;c:\windows\system32\drivers\mutohpenn.sys []
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BC109875-E2C2-4897-AAC3-753DC03B2DAF} - __BHODemonDisabled
WebBrowser-{DB8A7D4C-6982-435E-8FF2-5BF0076BE290} - (no file)
Notify-!SASWinLogon - (no file)
Notify-tuvUmLET - (no file)
Notify-yayvSjji - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\googletoolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\googletoolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\googletoolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\googletoolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\googletoolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\googletoolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 17:05:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-02 17:06:57
ComboFix-quarantined-files.txt 2009-01-02 22:06:22
ComboFix2.txt 2008-12-30 06:31:13

Pre-Run: 18,940,846,080 bytes free
Post-Run: 18,927,775,744 bytes free

247 --- E O F --- 2008-12-30 08:02:41


OTViewIt logfile created on: 1/2/2009 5:07:26 PM - Run 6
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.68% Memory free
2.97 Gb Paging File | 2.53 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.64 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/12/17 09:21:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/09/20 09:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/13 22:02:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/17 09:21:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/04/17 16:15:10 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/01 16:03:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{BC109875-E2C2-4897-AAC3-753DC03B2DAF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0 (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Wilson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab -- QuickTime Object
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1199302321453 -- MUCatalogWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1229495589656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{7FFF62B2-ABE6-4249-B1D3-C549C60E9540} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
tuvUmLET: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
yayvSjji: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[2006/05/16 12:25:11 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- E:\autorun.inf -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\AutoRun\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\install\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualEnglish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualFrench\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualSpanish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/01/02 17:02:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 17:02:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/02 17:02:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/02 17:02:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/02 17:02:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/02 17:02:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/02 17:02:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 17:02:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/02 17:02:37 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/02 17:02:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 16:52:08 | 02,888,937 | R--- | C] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2008/12/30 03:01:13 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/30 01:13:31 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/30 01:13:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/30 01:04:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/30 01:04:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/30 01:04:18 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/30 00:50:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/30 00:45:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/12/30 00:41:41 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/29 16:36:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/29 16:36:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/28 19:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\DellSupport
[2008/12/28 17:22:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/28 17:22:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/28 17:22:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/28 17:22:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/27 15:35:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/21 17:51:57 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 17:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/12/21 17:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2008/12/17 20:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\McAfee
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Malwarebytes
[2008/12/17 09:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/17 01:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\InstallShield
[2008/12/16 23:22:36 | 00,020,689 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | C] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:44:16 | 00,019,239 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/16 20:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Uniblue
[2008/12/16 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\AdobeUM
[2008/12/15 19:38:35 | 00,015,730 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:39:12 | 00,036,967 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:35 | 00,019,053 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
[2008/12/15 18:01:10 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 17:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/15 17:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/12/15 17:27:08 | 00,000,000 | ---D | C] -- C:\Dell720
[2008/12/04 14:06:51 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/12/04 13:45:31 | 01,195,686 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:30:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/04 13:25:12 | 00,000,583 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 13:21:11 | 00,158,720 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/04 10:21:20 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clb.dll
[2008/12/04 00:54:56 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clb.dll
[2008/12/04 00:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\FreeFixer
[2008/12/03 23:34:02 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/03 18:20:59 | 00,153,489 | ---- | C] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Local Settings\Application Data\{B4151342-AE5B-49AB-B574-3BB9B3A96AC1}
[2008/12/03 17:16:21 | 00,141,824 | ---- | C] () -- C:\WINDOWS\ohepiriq.dll

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/01/02 17:07:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/02 17:05:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/02 16:57:42 | 00,018,195 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/02 16:52:11 | 02,888,937 | R--- | M] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2009/01/02 14:20:37 | 00,000,642 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/01/01 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/30 14:55:50 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/30 14:55:50 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/30 04:00:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/30 03:59:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/30 03:59:20 | 21,454,39744 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/30 01:09:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/30 01:04:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/29 16:19:39 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/29 16:19:39 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/29 13:39:16 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/28 19:05:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/28 17:22:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/21 17:51:58 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/17 20:36:49 | 00,000,421 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/17 14:22:15 | 00,020,220 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:13:48 | 01,615,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/16 23:28:01 | 00,020,689 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:18 | 00,019,239 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | M] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 13:45:35 | 00,015,730 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:45:32 | 00,101,184 | ---- | M] () -- C:\Documents and Settings\Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/15 18:39:15 | 00,036,967 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:36 | 00,019,053 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:01:10 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 01:13:38 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/04 13:47:06 | 01,195,686 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\cc_20081204_134527.reg
[2008/12/04 13:38:24 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\CCleaner.lnk
[2008/12/04 13:25:13 | 00,000,583 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/04 12:47:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/04 10:50:51 | 00,425,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/04 10:50:51 | 00,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/04 10:50:49 | 00,506,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/04 10:21:21 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ucigenoguqutoqih.dll
[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 18:21:00 | 00,153,489 | ---- | M] () -- C:\WINDOWS\System32\g80.exe
[2008/12/03 17:16:22 | 00,141,824 | ---- | M] () -- C:\WINDOWS\ohepiriq.dll
< End of report >


OTViewIt Extras logfile created on: 1/2/2009 5:07:26 PM - Run 6
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.68% Memory free
2.97 Gb Paging File | 2.53 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 17.64 Gb Free Space | 52.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth
[2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}"=Canon CanoScan Toolbox 4.5
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip"=7-Zip 4.44 beta
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Photo Printer 720"=Dell Photo Printer 720
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Adapters and Drivers
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/24/2008 9:51:25 PM | Computer Name = BIGRED | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/25/2008 7:00:47 AM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:37:58 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:43:01 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2008 4:01:50 AM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qcconsol.exe, version 8.1.106.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00019c0f.

[ System Events ]
Error - 12/28/2008 8:18:41 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/28/2008 8:18:42 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/29/2008 3:18:19 PM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/29/2008 3:22:46 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 3:43:35 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 3:46:39 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 5:19:25 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/29/2008 5:26:24 PM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/30/2008 1:50:00 AM | Computer Name = BIGRED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/30/2008 2:10:19 AM | Computer Name = BIGRED | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.


< End of report >
sagasha
mysterious dust from space

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:20 PM

Posted 03 January 2009 - 01:35 PM

Hello Sagasha.

Let's remove some more. :thumbsup:

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\ohepiriq.dll
    c:\windows\ucigenoguqutoqih.dll
    c:\windows\system32\kiganopo.dll
    c:\windows\winstart.bat
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvUmLET]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvSjji]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Download and run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-Combofix log
-MBAM log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
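
As an added example (not code from this thread, from ComboFix or from any of its authors), the following Python script parses the CFScript format used in the post above (a File:: section followed by a Registry:: section) into a readable list of actions, and then checks a ComboFix log's "Other Deletions" section to confirm that every file the script asked for was actually removed; the log excerpt embedded in it is the one sagasha posts in reply. It assumes that File:: entries are files ComboFix deletes and that the Registry:: block follows .reg-file syntax (`[-KEY]` deletes a key, `"name"=dword:HEX` sets a value under the preceding `[KEY]`).

```python
"""Parse a ComboFix CFScript and confirm its File:: deletions against the
ComboFix log. Added example, not code from the thread or from ComboFix.
Assumption: File:: entries are deletions; the Registry:: block follows .reg
syntax ('[-KEY]' deletes a key, '"name"=dword:HEX' sets a value)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Union

# CFScript text as posted in the thread (copied, not constructed).
CFSCRIPT = r"""
File::
c:\windows\ohepiriq.dll
c:\windows\ucigenoguqutoqih.dll
c:\windows\system32\kiganopo.dll
c:\windows\winstart.bat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfukekojotohun]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvUmLET]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvSjji]
"""

# Excerpt of the ComboFix log posted in reply (copied; banners shortened).
COMBOFIX_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\ohepiriq.dll
c:\windows\system32\kiganopo.dll
c:\windows\ucigenoguqutoqih.dll
c:\windows\winstart.bat
.
((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))
"""


@dataclass
class CFScript:
    files: List[str] = field(default_factory=list)        # paths to delete
    delete_keys: List[str] = field(default_factory=list)  # '[-KEY]' entries
    set_values: Dict[str, Dict[str, Union[int, str]]] = field(default_factory=dict)


_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_reg_value(value: str) -> Union[int, str]:
    """Decode the two .reg value forms used here: dword:HEX and "text"."""
    if value.startswith("dword:"):
        return int(value[len("dword:"):], 16)
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    raise ValueError(f"unsupported value syntax: {value!r}")


def parse_cfscript(text: str) -> CFScript:
    """Split the script into directives; an unknown line is an error rather
    than being silently ignored, since every line here changes the system."""
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # 'File::' / 'Registry::'
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            script.files.append(line.lower())   # NTFS paths are case-insensitive
        elif section == "registry" and (m := _KEY_RE.match(line)):
            minus, key = m.groups()
            if minus:                           # '[-KEY]' removes the whole key
                script.delete_keys.append(key)
                current_key = None
            else:                               # '[KEY]' opens a block of values
                current_key = key
                script.set_values.setdefault(key, {})
        elif section == "registry" and current_key and (m := _VALUE_RE.match(line)):
            name, value = m.groups()
            script.set_values[current_key][name] = decode_reg_value(value)
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return script


def deleted_files_from_log(log: str) -> set:
    """Collect the paths listed under the log's 'Other Deletions' banner."""
    deleted, in_section = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("(((") and line.endswith(")))"):
            in_section = "Other Deletions" in line
        elif in_section and line and line != ".":
            deleted.add(line.lower())
    return deleted


def unconfirmed_deletions(script: CFScript, log: str) -> List[str]:
    """Files the script asked for that the log does not report as deleted."""
    deleted = deleted_files_from_log(log)
    return [f for f in script.files if f not in deleted]


if __name__ == "__main__":
    s = parse_cfscript(CFSCRIPT)
    # A value of 1 in these Security Center entries suppresses the alert;
    # the script sets both back to 0.
    print(f"{len(s.files)} files, {len(s.delete_keys)} keys, values: {s.set_values}")
    print("requested but not confirmed deleted:", unconfirmed_deletions(s, COMBOFIX_LOG))
```

An empty list from `unconfirmed_deletions` is the check a helper would want before moving on to the next step; any path left in it is a file the script named but the log never reports removing.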

#14 sagasha

sagasha
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:Detroit, MI
  • Local time:03:20 PM

Posted 03 January 2009 - 10:17 PM

here you go extremeboy...

combofix
malwarebytes
OTViewIt
Extras



ComboFix 09-01-02.01 - Wilson 2009-01-03 21:04:56.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1609 [GMT -5:00]
Running from: c:\documents and settings\Wilson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilson\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

FILE ::
c:\windows\ohepiriq.dll
c:\windows\system32\kiganopo.dll
c:\windows\ucigenoguqutoqih.dll
c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ohepiriq.dll
c:\windows\system32\kiganopo.dll
c:\windows\ucigenoguqutoqih.dll
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-02 22:14 . 2009-01-02 22:14 <DIR> d--hs---- c:\documents and settings\Wilson\UserData
2008-12-30 01:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-30 01:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-30 00:45 . 2008-12-30 00:46 <DIR> d-------- c:\windows\system32\Adobe
2008-12-29 16:36 . 2009-01-03 00:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 16:36 . 2009-01-03 00:51 1,409 --a------ c:\windows\QTFont.for
2008-12-28 19:18 . 2008-12-28 19:18 <DIR> d-------- c:\program files\DellSupport
2008-12-28 19:05 . 2008-12-28 19:05 <DIR> d-------- c:\documents and settings\LocalService\Application Data\McAfee
2008-12-28 17:22 . 2008-12-28 17:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:22 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:22 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 17:50 . 2008-12-21 21:37 <DIR> d-------- c:\program files\World of Warcraft Trial
2008-12-21 17:50 . 2008-12-21 17:50 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-17 20:55 . 2008-12-28 16:57 <DIR> d-------- c:\documents and settings\Wilson\Application Data\McAfee
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Malwarebytes
2008-12-17 09:24 . 2008-12-17 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 09:22 . 2008-12-17 09:21 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-17 01:28 . 2008-12-17 01:28 <DIR> d-------- c:\documents and settings\Wilson\Application Data\InstallShield
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- C:\rsit
2008-12-16 20:31 . 2008-12-16 20:31 <DIR> d-------- c:\program files\trend micro
2008-12-16 20:13 . 2008-12-16 20:13 <DIR> d-------- c:\documents and settings\Wilson\Application Data\Uniblue
2008-12-16 14:21 . 2008-12-16 14:21 <DIR> d-------- c:\documents and settings\Wilson\Application Data\AdobeUM
2008-12-15 18:03 . 2008-12-15 18:03 <DIR> d-------- c:\documents and settings\Wilson\Application Data\OpenOffice.org
2008-12-15 17:57 . 2008-12-15 17:57 <DIR> d-------- c:\program files\JRE
2008-12-15 17:56 . 2008-12-15 17:56 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-15 17:28 . 2008-12-15 17:28 <DIR> d-------- c:\program files\Dell 720
2008-12-15 17:28 . 2004-03-04 11:30 311,296 --a------ c:\windows\system32\LEXBCES.EXE
2008-12-15 17:28 . 2004-03-04 11:25 201,216 --a------ c:\windows\system32\LEXP2P32.DLL
2008-12-15 17:28 . 2004-03-04 11:34 197,120 --a------ c:\windows\system32\LEX2KUSB.DLL
2008-12-15 17:28 . 2003-03-26 14:29 192,512 --a------ c:\windows\system32\lexlmpm.dll
2008-12-15 17:28 . 2004-03-04 11:26 174,592 --a------ c:\windows\system32\LEXPPS.EXE
2008-12-15 17:28 . 2004-03-04 11:27 147,456 --a------ c:\windows\system32\LEXBCE.DLL
2008-12-15 17:28 . 2004-05-27 05:06 73,728 --a------ c:\windows\system32\dlbcpwr.dll
2008-12-15 17:28 . 2004-05-27 05:25 57,344 --a------ c:\windows\system32\dlbccinf.dll
2008-12-15 17:28 . 2004-05-27 05:25 49,152 --a------ c:\windows\system32\dlbccoin.dll
2008-12-15 17:28 . 2002-11-13 15:40 40,960 --a------ c:\windows\system32\dlbcvs.dll
2008-12-15 17:28 . 2004-02-10 15:08 373 --a------ c:\windows\system32\dlbccoin.ini
2008-12-15 17:27 . 2008-12-15 17:27 <DIR> d-------- C:\Dell720
2008-12-04 14:06 . 2004-03-09 13:00 132,880 --a------ c:\windows\system32\MSINET.OCX
2008-12-04 13:30 . 2008-12-04 13:30 <DIR> d-------- c:\program files\CCleaner
2008-12-04 13:25 . 2008-12-04 13:25 583 --a------ c:\windows\RegGenie.ini
2008-12-04 13:21 . 2008-11-27 04:35 158,720 --a------ c:\windows\RegGenieOnUninstall.exe
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\dllcache\clb.dll
2008-12-04 00:54 . 2001-08-17 22:36 10,752 --a------ c:\windows\system32\clb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 00:18 --------- d-----w c:\program files\Dell
2008-12-28 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-28 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 01:52 --------- d-----w c:\documents and settings\Wilson\Application Data\TweakNow WinSecret
2008-12-17 14:21 --------- d-----w c:\program files\Java
2008-12-17 06:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 06:29 --------- d-----w c:\program files\CyberLink
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 01:06 --------- d-----w c:\documents and settings\Wilson\Application Data\Apple Computer
2008-12-04 04:40 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-03 23:21 153,489 ----a-w c:\windows\system32\g80.exe
2008-11-24 21:49 --------- d-----w c:\documents and settings\Wilson\Application Data\Sony
2008-11-24 21:27 --------- d-----w c:\program files\Sony
2008-11-24 21:26 --------- d-----w c:\program files\Sony Setup
2008-11-15 21:45 --------- d-----w c:\documents and settings\Wilson\Application Data\Canon
2008-11-13 18:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-31 16:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_17.05.51.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 20:38:58 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-03 22:29:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 20:38:58 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-03 22:29:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]

c:\documents and settings\Wilson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk.disabled]
backup=c:\windows\pss\Microsoft Find Fast.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk.disabled]
backup=c:\windows\pss\Office Startup.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Deewoo.lnk]
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^DW_Start.lnk]
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wilson^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2006-01-06 14:07 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 15:53 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S1 diskdumpp;diskdumpp;c:\windows\system32\drivers\diskdumpp.sys --> c:\windows\system32\drivers\diskdumpp.sys [?]
S1 mutohpenn;mutohpenn;c:\windows\system32\drivers\mutohpenn.sys --> c:\windows\system32\drivers\mutohpenn.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BC109875-E2C2-4897-AAC3-753DC03B2DAF} - (no file)
WebBrowser-{DB8A7D4C-6982-435E-8FF2-5BF0076BE290} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\googletoolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\googletoolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\googletoolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\googletoolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\googletoolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\googletoolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:08:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-03 21:09:40
ComboFix-quarantined-files.txt 2009-01-04 02:09:11
ComboFix2.txt 2009-01-02 22:07:00
ComboFix3.txt 2008-12-30 06:31:13

Pre-Run: 19,075,039,232 bytes free
Post-Run: 19,071,496,192 bytes free

257 --- E O F --- 2008-12-30 08:02:41



Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 3

1/3/2009 10:08:55 PM
mbam-log-2009-01-03 (22-08-55).txt

Scan type: Quick Scan
Objects scanned: 49774
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTViewIt logfile created on: 1/3/2009 10:10:54 PM - Run 7
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.94% Memory free
2.97 Gb Paging File | 2.69 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 18.03 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2009/01/03 21:33:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/06/13 22:02:27 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/04/17 16:15:10 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007/01/16 12:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [Disabled | Stopped])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2009/01/03 21:33:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/03 11:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2008/04/13 13:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/01/01 16:03:21 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.my.yahoo.com

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{BC109875-E2C2-4897-AAC3-753DC03B2DAF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB8A7D4C-6982-435E-8FF2-5BF0076BE290}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Wilson\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoFileMenu"=0
"NoLowDiskSpaceChecks"=0
"NoBandCustomize"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
&Translate English Word: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Backward Links: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Cached Snapshot of Page: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Similar Pages: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)
Translate Page into English: c:\Program Files\Google\GoogleToolbar1.dll [2007/01/19 22:55:32 | 02,403,392 | R--- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab -- QuickTime Object
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab -- StagingUI Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab -- ZoneBuddy Class
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab -- ZonePAChat Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1199302321453 -- MUCatalogWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1229495589656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab41227.cab -- StadiumProxy Class
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://aimprods01.webex.com/client/v_myweb...bex/ieatgpc.cab -- GpcContainer Class

========== (O17) DNS Name Servers ==========

{7FFF62B2-ABE6-4249-B1D3-C549C60E9540} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
tuvUmLET: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
yayvSjji: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1 | ]
[2006/05/16 12:25:11 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []
[2008/12/30 00:41:41 | 00,000,000 | RHSD | M] -- E:\autorun.inf -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- F:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\AutoRun\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\install\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualEnglish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualFrench\command]
""=G:\rcaeasyrip_setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e5f4aa6-d227-11dd-843a-00132090a0fb}\Shell\usermanualSpanish\command]
""=G:\rcaeasyrip_setup.exe -- File not found


========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/01/03 21:36:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/03 21:36:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 21:36:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/03 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/03 21:35:04 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wilson\Desktop\mbam-setup.exe
[2009/01/03 21:14:58 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/02 17:02:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 17:02:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/02 17:02:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/02 17:02:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/02 17:02:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/02 17:02:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/02 17:02:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 17:02:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/02 17:02:37 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/02 17:02:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 16:52:08 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2008/12/30 03:01:13 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/30 01:13:31 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/12/30 01:13:30 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/12/30 01:04:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/30 01:04:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/30 01:04:18 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/30 00:50:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/30 00:45:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/12/30 00:41:41 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/29 16:36:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/29 16:36:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/28 19:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\DellSupport
[2008/12/27 15:35:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/21 17:51:57 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/21 17:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/12/21 17:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2008/12/17 20:55:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\McAfee
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Malwarebytes
[2008/12/17 09:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/17 01:28:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\InstallShield
[2008/12/16 23:22:36 | 00,020,689 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | C] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 20:44:16 | 00,019,239 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 20:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/16 20:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\Uniblue
[2008/12/16 14:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\AdobeUM
[2008/12/15 19:38:35 | 00,015,730 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:39:12 | 00,036,967 | ---- | C] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:35 | 00,019,053 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:03:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wilson\Application Data\OpenOffice.org
[2008/12/15 18:01:10 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 17:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2008/12/15 17:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/15 17:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/12/15 17:27:08 | 00,000,000 | ---D | C] -- C:\Dell720

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/01/03 21:36:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/03 21:35:07 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wilson\Desktop\mbam-setup.exe
[2009/01/03 21:32:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 21:31:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 21:31:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 21:31:18 | 21,454,39744 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/03 21:30:28 | 00,018,195 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/03 21:14:58 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/03 21:08:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/03 21:03:56 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\Wilson\Desktop\ComboFix.exe
[2009/01/03 00:51:45 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/01/03 00:51:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/01/02 14:20:37 | 00,000,642 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/01/01 13:51:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/30 01:09:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/30 01:04:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/29 16:19:39 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/29 16:19:39 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/29 13:39:16 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/28 19:05:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/27 15:35:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilson\Desktop\OTViewIt.exe
[2008/12/21 17:51:58 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\World of Warcraft Trial.lnk
[2008/12/17 20:36:49 | 00,000,421 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/17 14:22:15 | 00,020,220 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
[2008/12/17 09:13:48 | 01,615,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/16 23:28:01 | 00,020,689 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\sci exam.odt
[2008/12/16 20:44:18 | 00,019,239 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Sci Vocab.odt
[2008/12/16 20:44:17 | 00,000,116 | -H-- | M] () -- C:\Documents and Settings\Wilson\My Documents\.~lock.Sci Vocab.odt#
[2008/12/16 13:45:35 | 00,015,730 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Ishmael paper.odt
[2008/12/15 18:45:32 | 00,101,184 | ---- | M] () -- C:\Documents and Settings\Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/15 18:39:15 | 00,036,967 | ---- | M] () -- C:\Documents and Settings\Wilson\My Documents\Final exam review.odt
[2008/12/15 18:31:36 | 00,019,053 | ---- | M] () -- C:\Documents and Settings\Wilson\Desktop\Litton.odt
[2008/12/15 18:01:10 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2008/12/15 01:13:38 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >



OTViewIt Extras logfile created on: 1/3/2009 10:10:54 PM - Run 7
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.94% Memory free
2.97 Gb Paging File | 2.69 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.79 Gb Total Space | 18.03 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.24 Gb Total Space | 52.34 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive F: | 5.27 Gb Total Space | 0.92 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGRED
Current User Name: Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key does not exist or could not be opened.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe:*:Enabled:IntelMEM
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe:*:Enabled:nmctxth
[2007/01/16 12:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}"=Canon CanoScan Toolbox 4.5
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F44DA61E-720D-4E79-871F-F6E628B33242}"=OpenOffice.org 3.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip"=7-Zip 4.44 beta
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Dell Photo Printer 720"=Dell Photo Printer 720
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PROSet"=Intel® PRO Network Adapters and Drivers
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-686339793-655265357-1523162878-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"World of Warcraft Trial"=World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2008 7:31:22 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.7.142, faulting module
unknown, version 0.0.0.0, fault address 0x00d22433.

Error - 12/24/2008 7:31:29 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
unknown, version 0.0.0.0, fault address 0x02ee2433.

Error - 12/24/2008 7:31:30 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.4.1.14, faulting module
unknown, version 0.0.0.0, fault address 0x01382433.

Error - 12/24/2008 9:47:17 PM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/24/2008 9:48:01 PM | Computer Name = BIGRED | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 12/24/2008 9:51:25 PM | Computer Name = BIGRED | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00bc3ef2.

Error - 12/25/2008 7:00:47 AM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:37:58 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 4:43:01 PM | Computer Name = BIGRED | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2008 4:01:50 AM | Computer Name = BIGRED | Source = Application Error | ID = 1000
Description = Faulting application qcconsol.exe, version 8.1.106.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00019c0f.

[ System Events ]
Error - 1/3/2009 10:30:13 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:13 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/3/2009 10:30:14 PM | Computer Name = BIGRED | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >



as always thanks a million
sagasha
mysterious dust from space

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 PM

Posted 04 January 2009 - 04:54 PM

Hello again.

Log looks better. Some leftover entries and a file to take care of. We also need an online scan.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\windows\system32\g80.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvUmLET]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvSjji]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-Combofix log
-Kaspersky scan log
-New OTViewIT log
-Any Problems


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

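The way a helper reads the "Files - Created/Modified Within 30 Days" lists above (an extension-less hidden file such as C:\WINDOWS\System32\wedadopi, or an unsigned DLL in System32, versus the helper tools that appear in C:\WINDOWS at the same moment as ComboFix's C:\Qoobox folder) can be written down as a small triage script. The following is an added example, not code from the thread, from OTViewIt or from ComboFix; the line regex, the allowlist of ComboFix helper names and the flagging rules are assumptions made for this example, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the OTViewIt log in this thread (not a full log).
SAMPLE_LOG = r"""
[2009/01/02 17:02:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 17:02:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/30 03:01:13 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/28 19:05:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wedadopi
[2008/12/15 17:28:21 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/12/15 17:28:20 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2009/01/02 17:02:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/17 14:22:15 | 00,020,220 | ---- | C] () -- C:\Documents and Settings\Wilson\Desktop\photo.jpg
"""

# Assumed line layout: [timestamp | size | attrs | C/M] (company) -- path.
# Directory lines carry no "(company)" group; summary lines like
# "[18 C:\WINDOWS\System32\*.tmp files]" do not match and are skipped.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str                # R H S D flag positions, '-' when unset
    kind: str                 # 'C' created, 'M' modified
    company: Optional[str]    # '' when version info has no vendor; None for directories
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


def parse_entries(text: str) -> List[FileEntry]:
    """Parse OTViewIt-style file-list lines into structured records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append(FileEntry(
            timestamp=d["ts"],
            size=int(d["size"].replace(",", "")),
            attrs=d["attrs"],
            kind=d["kind"],
            company=d["company"],
            path=d["path"],
        ))
    return entries


# Constructed allowlist: helper executables the thread's log shows being written to
# C:\WINDOWS five seconds after C:\Qoobox (ComboFix's working folder) was created.
COMBOFIX_HELPERS = {"swxcacls.exe", "swreg.exe", "swsc.exe", "sed.exe", "grep.exe",
                    "zip.exe", "vfind.exe", "nircmd.exe", "fdsv.exe"}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx"}
SYSTEM_DIR = "c:\\windows\\"


def suspicious(entries: List[FileEntry]) -> List[Tuple[str, List[str]]]:
    """Flag code-like files in the Windows directory with no vendor or no extension."""
    flagged = []
    for e in entries:
        if e.is_dir or not e.path.lower().startswith(SYSTEM_DIR):
            continue
        name = e.path.lower().rsplit("\\", 1)[-1]
        if name in COMBOFIX_HELPERS:
            continue
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext and ext not in EXEC_EXT:
            continue  # .ini, .dat and similar are left to the reviewer
        reasons = []
        if e.company == "":
            reasons.append("no vendor name in version info")
        if ext == "":
            reasons.append("no file extension")
        if e.hidden:
            reasons.append("hidden attribute")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, why in suspicious(parse_entries(SAMPLE_LOG)):
        print(path, "->", ", ".join(why))
```

The flagged list is a starting point for review, not a verdict: on this machine dlbcvs.dll was created in the same minute as the Dell 720 printer folders, so it is most likely a printer component, whereas the hidden, extension-less wedadopi has nothing in the log to explain it. Keeping the vendor, attribute and timestamp fields as structured data is what makes that cross-check quick.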



