
pop ups


  • This topic is locked
13 replies to this topic

#1 ssj2gohan78

  • Members
  • 8 posts

Posted 24 December 2008 - 12:19 AM

I've been having some pop ups lately; it's starting to bug me, and a program, Malwarebytes, can't remove "MS Juan" or something. Here are the logs you need, I think. My first time doing this, so if you could help that would be great. Thanks.


DDS (Version 1.1.0) - NTFSx86
Run by Timothy at 0:03:05.62 on Wed 12/24/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1272 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Xfire\xfire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Timothy\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: c:\windows\system32\pqdfpd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Browser Plug-in: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/html - {c0258b34-c4ac-4ef0-bdc0-157697a139e3} - c:\windows\system32\mst120.dll
AppInit_DLLs: pqdfpd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-8 201320]
R1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys [2008-3-12 33824]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-8 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\McShield.exe [2008-9-8 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-11-19 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-8 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-8 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-8 40488]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\timothy\locals~1\temp\{1735a~1\atiicdxx.sys []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-8 33832]
S3 NTProcDrv;Process creation detector for NT.;\??\e:\timmys\NtProcDrv.sys [2008-11-25 3584]
S3 Revolution1;Revolution1;\??\c:\docume~1\timothy\locals~1\temp\rar$ex46.718\gb\revolution_engine_8.3_shak3\SHAK3.sys []
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys []

=============== Created Last 30 ================

2008-12-23 22:19 <DIR> --d----- c:\docume~1\timothy\applic~1\Malwarebytes
2008-12-23 22:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-23 22:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 22:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-23 21:00 130,048 a------- c:\windows\system32\pqdfpd.dll
2008-12-23 21:00 130,048 a------- c:\windows\system32\peoechbj.dll
2008-12-22 18:04 250 a------- c:\windows\wininit.ini
2008-12-22 17:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-22 17:37 <DIR> --d----- c:\docume~1\timothy\applic~1\Antispyware
2008-12-21 20:59 95,744 a------- c:\windows\system32\nlnlfmfn.dll
2008-12-21 20:51 135,680 a------- c:\windows\system32\vnwqky.dll
2008-12-21 20:51 135,680 a------- c:\windows\system32\ajxbuyyv.dll
2008-12-17 20:44 304 a------- C:\config.ini
2008-12-16 02:58 <DIR> --d----- c:\program files\Silkroad
2008-12-16 00:07 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-16 00:07 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-12 18:15 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2008-12-22 21:01 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-22 21:01 202,000 a------- c:\windows\system32\PnkBstrB.exe
2008-11-06 19:20 8,216 a------- c:\windows\system32\mst120.dll
2008-11-01 20:44 22,328 ac------ c:\docume~1\timothy\applic~1\PnkBstrK.sys
2008-11-01 20:43 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-01 20:43 682,280 a------- c:\windows\system32\pbsvc.exe

============= FINISH: 0:03:39.98 ===============


Malwarebytes' Anti-Malware 1.31
Database version: 1538
Windows 5.1.2600 Service Pack 2

12/23/2008 11:50:30 PM
mbam-log-2008-12-23 (23-50-30).txt

Scan type: Quick Scan
Objects scanned: 54905
Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:34 AM, on 12/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Xfire\xfire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {5af02620-e67d-286b-b264-295cc8d34082} - {28043d8c-c592-462b-b682-d76e02620fa5} - C:\WINDOWS\system32\pqdfpd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [tehefiburo] Rundll32.exe "C:\WINDOWS\system32\wudepuve.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tehefiburo] Rundll32.exe "C:\WINDOWS\system32\wudepuve.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229123732672
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O18 - Filter hijack: text/html - {c0258b34-c4ac-4ef0-bdc0-157697a139e3} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: pqdfpd.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6204 bytes



#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 02 January 2009 - 04:53 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • Description of Problems you still have

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 ssj2gohan78
  • Topic Starter

  • Members
  • 8 posts

Posted 03 January 2009 - 03:18 AM

Hello EB, thanks for taking the time to help me. I did everything you asked, but as soon as the Kaspersky scan got done my IE closed and didn't give me any time to save the report, but I do have the other 2 logs. I'm gonna have to do another scan tomorrow. The problems I'm still having are the Vundo virus; McAfee keeps trying to delete it. McAfee also gets a lot of PUPs popping up. There are also popups that still happen, "Antivirus 2009" or something like that. Well, here are the 2 logs; I'll get you the other report as soon as I can.

OTViewIt Extras logfile created on: 1/3/2009 12:12:31 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 73.92% Memory free
3.60 Gb Paging File | 3.24 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.84 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.14 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/12/24 11:13:21 | 00,202,000 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[2008/11/09 21:56:47 | 00,462,336 | ---- | M] () -- C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
File not found -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
File not found -- C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector.exe:*:Enabled:nuConnector
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>
File not found -- C:\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Steam\steamapps\iccold\garrysmod\hl2.exe:*:Enabled:hl2
[2008/12/09 20:03:10 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable
File not found -- C:\Program Files\Steam\steamapps\iccold\source sdk base\hl2.exe:*:Enabled:hl2
[2008/07/04 19:31:30 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source sdk base\hl2.exe:*:Enabled:hl2
File not found -- C:\Documents and Settings\Timothy\Desktop\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector6.exe:*:Enabled:nuConnector6
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector63.exe:*:Enabled:nuConnector63
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector64.exe:*:Enabled:nuConnector64
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector66a.exe:*:Enabled:nuConnector66a
File not found -- C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game
[2007/11/19 14:13:12 | 00,274,432 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2008/10/21 23:16:20 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\team fortress 2\hl2.exe:*:Enabled:hl2
[2008/12/24 13:57:53 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\garrysmod\hl2.exe:*:Enabled:hl2
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Public_Installer\server\orangebox\srcds.exe:*:Enabled:srcds
File not found -- C:\Program Files\Steam\steamapps\ssj2gohan78\Public_Installer\server\orangebox\srcds.exe:*:Enabled:srcds
[2008/08/28 00:42:06 | 00,132,344 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source 2007 dedicated server\srcds.exe:*:Enabled:srcds
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector70.exe:*:Enabled:nuConnector70
File not found -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\nuConnector71.exe:*:Enabled:nuConnector71
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\SROEmbed.exe:*:Enabled:HookSrv
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\Silkroad\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ????
File not found -- C:\Documents and Settings\Timothy\Desktop\Timmys\SROEmbed.exe:*:Enabled:HookSrv
File not found -- C:\Documents and Settings\Timothy\Local Settings\Temporary Internet Files\Content.IE5\OLEYG0LG\Silkroad_Manual-Patch_Downloader[1].exe:*:Enabled:Full-Client Downloader
File not found -- E:\Silkroad\nuConnector75.exe:*:Enabled:nuConnector75
File not found -- E:\Silkroad\nuConnector76.exe:*:Enabled:nuConnector76
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
File not found -- C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory
File not found -- C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty®: World at War Multiplayer
[2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/11/07 09:30:40 | 05,488,640 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™
[2008/11/09 23:47:14 | 05,444,880 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™
[2008/12/11 15:37:40 | 02,990,416 | ---- | M] (Xfire Inc.) -- E:\Xfire\xfire.exe:*:Enabled:Xfire
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/11/23 07:03:33 | 00,628,024 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/11/11 16:49:55 | 00,065,536 | ---- | M] () -- E:\Timmys\srobot.exe:*:Enabled:HookSrv
File not found -- E:\Timmys\Silkroad\nuConnector77.exe:*:Enabled:nuConnector77
File not found -- C:\Program Files\Silkroad\nuConnector77.exe:*:Enabled:nuConnector77
[2004/08/04 00:56:52 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2004/08/04 00:56:58 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2004/08/04 00:56:52 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass
[2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}"=Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{706A6867-6CCB-4280-A1E3-BAFBA688D70E}"=MapleStory
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}"=Call of Duty® 2 Patch 1.3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{AC76BA86-7AD7-1033-7B44-A81100000003}"=Adobe Reader 8.1.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"CABAL Online_is1"=CABAL Online
"CamStudio"=CamStudio
"ComcastHSI"=Comcast High-Speed Internet Install Wizard
"DyynoPlayer"=DyynoPlayer 0.8.6f
"Guild Wars"=Guild Wars
"Half-Life Dedicated Server Update Tool"=Half-Life Dedicated Server Update Tool
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PunkBusterSvc"=PunkBuster Services
"Silkroad"=Silkroad
"Steam App 310"=Team Fortress 2 Dedicated Server
"Steam App 4000"=Garry's Mod
"Steam App 440"=Team Fortress 2
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1"=TeamSpeak 2 Server RC2
"VLC media player"=VideoLAN VLC media player 0.8.6f
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2008 8:11:40 AM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.

Error - 12/1/2008 10:00:20 AM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011629.

Error - 12/1/2008 2:58:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module libvlc.dll, version 0.0.0.0, fault address 0x0007cd07.

Error - 12/4/2008 4:02:00 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2008 4:02:01 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 5:37:10 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x001e86b6.

Error - 12/15/2008 3:44:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x0005f369.

Error - 12/18/2008 5:21:33 AM | Computer Name = TIM-74162D787E8 | Source = MsiInstaller | ID = 11706
Description = Product: MapleStory -- Error 1706.No valid source could be found for
product MapleStory. The Windows Installer cannot continue.

Error - 12/22/2008 9:59:36 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
gebspmgx.dll, version 1.2.626.1, fault address 0x00057e43.

Error - 12/22/2008 10:54:05 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x0025411c.

[ System Events ]
Error - 1/2/2009 8:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 8:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 9:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 9:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At45.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 10:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 10:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At46.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 11:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 1/2/2009 11:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942402

Error - 1/3/2009 12:00:01 AM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402

Error - 1/3/2009 12:00:03 AM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942402


< End of report >

OTViewIt logfile created on: 1/3/2009 12:12:31 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 73.92% Memory free
3.60 Gb Paging File | 3.24 Gb Available in Paging File | 89.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.84 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.14 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/12/16 00:06:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2004/08/04 00:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/11/07 08:35:40 | 00,361,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
[2007/11/06 15:22:10 | 00,259,400 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsmap.exe
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/05/04 22:53:07 | 00,399,616 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\system32\drivers\EagleNt.sys -- (EagleNT [On_Demand | Stopped])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2005/02/23 15:08:16 | 00,003,584 | ---- | M] () -- E:\Timmys\NTProcDrv.sys -- (NTProcDrv [On_Demand | Stopped])
[2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/03/12 23:36:02 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [System | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Stopped])
[2006/01/18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5DEC1338-1FAB-40B0-83A8-1B7E9B3C9746} (HKLM) -- C:\WINDOWS\system32\xxyvstRL.dll ()
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- C:\WINDOWS\system32\wvUlmnKD.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{77AB5974-55A3-4737-9FD5-B93C64307F78} (HKLM) -- C:\WINDOWS\system32\someeoux.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tehefiburo"=Rundll32.exe "C:\WINDOWS\system32\wudepuve.dll",s File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tehefiburo"=Rundll32.exe "C:\WINDOWS\system32\wudepuve.dll",s File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1229123732672 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{7D21C6BB-BBE5-46AF-B43A-8CE0B001CB76} (Servers: | Description: 1394 Net Adapter)
{7F574659-2E40-437B-90E2-79166F658FE4} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\vetajume.dll c:\windows\system32\dataheme.dll ogckjr.dll kxztij.dll nvhdpn.dll gygnqn.dll jircas.dll
>File not found -- C:\WINDOWS\system32\vetajume.dll
>File not found -- c:\windows\system32\dataheme.dll
>[2008/12/29 21:20:45 | 00,131,584 | ---- | M] () -- C:\WINDOWS\system32\ogckjr.dll
>[2008/12/30 16:41:27 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\kxztij.dll
>[2008/12/31 16:44:27 | 00,130,560 | ---- | M] () -- C:\WINDOWS\system32\nvhdpn.dll
>[2009/01/01 16:38:04 | 00,132,608 | ---- | M] () -- C:\WINDOWS\system32\gygnqn.dll
>[2009/01/02 16:41:13 | 00,134,144 | ---- | M] () -- C:\WINDOWS\system32\jircas.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
wvUlmnKD: "DllName" = wvUlmnKD.dll -- C:\WINDOWS\system32\wvUlmnKD.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINDOWS\system32\wvUlmnKD.dll ()

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\xxyvstRL,
>[2008/12/28 21:15:43 | 00,291,840 | ---- | M] () -- C:\WINDOWS\system32\xxyvstRL.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/01/14 18:09:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/03 00:11:20 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2009/01/02 16:41:15 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\jircas.dll
[2009/01/02 16:41:12 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\kyqsrtet.dll
[2009/01/02 16:41:04 | 01,307,941 | -HS- | C] () -- C:\WINDOWS\System32\uidnleqv.ini
[2009/01/02 16:41:02 | 00,089,600 | ---- | C] () -- C:\WINDOWS\System32\vqelndiu.dll
[2009/01/01 16:38:06 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\gygnqn.dll
[2009/01/01 16:38:04 | 00,132,608 | ---- | C] () -- C:\WINDOWS\System32\vkudfcjf.dll
[2009/01/01 16:35:53 | 01,307,941 | -HS- | C] () -- C:\WINDOWS\System32\rrwagaxx.ini
[2008/12/31 19:18:10 | 00,713,381 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/31 16:44:29 | 00,130,560 | ---- | C] () -- C:\WINDOWS\System32\nvhdpn.dll
[2008/12/31 16:44:26 | 00,130,560 | ---- | C] () -- C:\WINDOWS\System32\omhttdbk.dll
[2008/12/31 16:41:27 | 01,307,941 | -HS- | C] () -- C:\WINDOWS\System32\ptvmfdbo.ini
[2008/12/30 16:41:28 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\kxztij.dll
[2008/12/30 16:41:26 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ifdrrsjk.dll
[2008/12/30 16:33:39 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\someeoux.dll
[2008/12/30 00:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\SystemRequirementsLab
[2008/12/29 21:32:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Mozilla
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Mozilla
[2008/12/29 21:32:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/29 21:31:54 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/29 21:26:50 | 01,307,941 | -HS- | C] () -- C:\WINDOWS\System32\tojegtxw.ini
[2008/12/29 21:26:44 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\wxtgejot.dll
[2008/12/29 21:20:47 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\ogckjr.dll
[2008/12/29 21:20:44 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\ightgreg.dll
[2008/12/28 21:25:22 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\fccbYqrO.dll
[2008/12/28 21:22:04 | 01,306,974 | -HS- | C] () -- C:\WINDOWS\System32\urslisxa.ini
[2008/12/28 21:21:57 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\axsilsru.dll
[2008/12/28 21:18:27 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\ubwaswda.dll
[2008/12/28 21:15:49 | 00,675,401 | -HS- | C] () -- C:\WINDOWS\System32\LRtsvyxx.ini2
[2008/12/28 21:15:48 | 00,675,401 | -HS- | C] () -- C:\WINDOWS\System32\LRtsvyxx.ini
[2008/12/28 21:15:39 | 00,291,840 | ---- | C] () -- C:\WINDOWS\System32\xxyvstRL.dll
[2008/12/28 21:10:31 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\wvUlmnKD.dll
[2008/12/27 04:49:32 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\My Documents\My Games
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Fallout3
[2008/12/27 00:48:25 | 04,761,284 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:17:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/27 00:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/27 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/27 00:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2008/12/27 00:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/12/27 00:12:02 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2008/12/27 00:09:45 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/27 00:09:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/27 00:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2008/12/24 10:20:27 | 01,603,449 | -HS- | C] () -- C:\WINDOWS\System32\usinibil.ini
[2008/12/24 00:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\WinZip
[2008/12/24 00:12:35 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/24 00:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/24 00:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 22:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Malwarebytes
[2008/12/23 22:19:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:19:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 22:19:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/23 22:18:39 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/23 21:00:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\peoechbj.dll
[2008/12/22 18:04:39 | 00,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 17:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Antispyware
[2008/12/21 20:51:59 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\vnwqky.dll
[2008/12/21 20:51:56 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\ajxbuyyv.dll
[2008/12/21 20:45:36 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\ynfwvcxr.job
[2008/12/17 20:44:56 | 00,000,304 | ---- | C] () -- C:\config.ini
[2008/12/16 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 16:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Desktop\Tibba
[2008/12/12 18:15:58 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/11 15:37:44 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/03 00:13:13 | 00,675,401 | -HS- | M] () -- C:\WINDOWS\System32\LRtsvyxx.ini
[2009/01/03 00:12:49 | 00,675,401 | -HS- | M] () -- C:\WINDOWS\System32\LRtsvyxx.ini2
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2009/01/02 23:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/01/02 23:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/01/02 22:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/01/02 22:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/01/02 21:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/01/02 21:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/01/02 20:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/01/02 20:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/01/02 19:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/01/02 19:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/01/02 18:00:03 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\ynfwvcxr.job
[2009/01/02 18:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/01/02 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/01/02 17:49:05 | 00,022,299 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/02 17:47:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/02 17:46:44 | 00,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/02 17:46:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/02 17:46:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/02 17:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/01/02 17:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/01/02 16:41:22 | 01,307,941 | -HS- | M] () -- C:\WINDOWS\System32\uidnleqv.ini
[2009/01/02 16:41:13 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\kyqsrtet.dll
[2009/01/02 16:41:13 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\jircas.dll
[2009/01/02 16:41:02 | 00,089,600 | ---- | M] () -- C:\WINDOWS\System32\vqelndiu.dll
[2009/01/02 16:37:03 | 01,307,941 | -HS- | M] () -- C:\WINDOWS\System32\rrwagaxx.ini
[2009/01/02 16:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/01/02 16:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/01/02 15:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/01/02 15:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/01/02 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/01/02 14:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/01/02 13:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/01/02 13:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/01/02 12:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/01/02 12:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/01/02 11:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/01/02 11:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/01/02 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/01/02 10:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/01/02 09:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/01/02 09:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/01/02 08:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/01/02 08:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/01/02 07:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/01/02 07:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/01/02 06:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/01/02 06:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/01/02 05:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/01/02 05:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/01/02 04:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/01/02 04:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/01/02 03:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/01/02 03:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/01/02 02:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/01/02 02:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/01/02 01:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/01/02 01:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/01/02 00:39:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/01/02 00:19:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/01/01 16:38:04 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\vkudfcjf.dll
[2009/01/01 16:38:04 | 00,132,608 | ---- | M] () -- C:\WINDOWS\System32\gygnqn.dll
[2009/01/01 01:24:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/31 19:18:11 | 00,713,381 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/31 16:44:27 | 00,130,560 | ---- | M] () -- C:\WINDOWS\System32\omhttdbk.dll
[2008/12/31 16:44:27 | 00,130,560 | ---- | M] () -- C:\WINDOWS\System32\nvhdpn.dll
[2008/12/31 16:41:35 | 01,307,941 | -HS- | M] () -- C:\WINDOWS\System32\ptvmfdbo.ini
[2008/12/31 02:18:11 | 00,001,326 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Silkroad.lnk
[2008/12/30 21:27:36 | 01,307,941 | -HS- | M] () -- C:\WINDOWS\System32\tojegtxw.ini
[2008/12/30 16:41:27 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\kxztij.dll
[2008/12/30 16:41:27 | 00,126,976 | ---- | M] () -- C:\WINDOWS\System32\ifdrrsjk.dll
[2008/12/30 16:33:39 | 00,116,736 | ---- | M] () -- C:\WINDOWS\System32\someeoux.dll
[2008/12/29 21:32:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:31:54 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/29 21:26:45 | 00,087,552 | ---- | M] () -- C:\WINDOWS\System32\wxtgejot.dll
[2008/12/29 21:20:45 | 00,131,584 | ---- | M] () -- C:\WINDOWS\System32\ogckjr.dll
[2008/12/28 21:22:16 | 01,306,974 | -HS- | M] () -- C:\WINDOWS\System32\urslisxa.ini
[2008/12/28 21:15:43 | 00,291,840 | ---- | M] () -- C:\WINDOWS\System32\xxyvstRL.dll
[2008/12/28 21:10:33 | 00,050,176 | ---- | M] () -- C:\WINDOWS\System32\wvUlmnKD.dll
[2008/12/27 15:50:34 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 04:49:32 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:48:37 | 04,761,284 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:46:04 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/27 00:18:04 | 00,500,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/27 00:18:04 | 00,427,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/27 00:18:04 | 00,066,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/24 11:13:28 | 00,139,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/24 11:13:21 | 00,202,000 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/24 10:22:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\godeseju
[2008/12/24 10:20:38 | 01,603,449 | -HS- | M] () -- C:\WINDOWS\System32\usinibil.ini
[2008/12/24 00:12:35 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 22:19:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:18:46 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/23 19:58:44 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 22:09:36 | 00,000,250 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:38 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Spybot - Search & Destroy.lnk
[2008/12/17 20:44:56 | 00,000,304 | ---- | M] () -- C:\config.ini
[2008/12/15 01:35:56 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/11 15:37:44 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/12/09 20:03:18 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\µTorrent.lnk
[2008/12/08 01:58:24 | 05,885,870 | -H-- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\IconCache.db
< End of report >

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:12 AM

Posted 03 January 2009 - 08:19 PM

Hello again.

From what I see you are infected with Zlob and Vundo majorly. Let's start off with ComboFix.

Install Recovery Console and Run ComboFix

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Please post back with:
-ComboFix log (run it ONLY ONCE)
-New OTViewIt logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#5 ssj2gohan78

  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:12 AM

Posted 03 January 2009 - 09:43 PM

Here are the new logs.

ComboFix 09-01-02.01 - Timothy 2009-01-03 21:33:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1107 [GMT -5:00]
Running from: c:\documents and settings\Timothy\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Timothy\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Timothy\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\Common\helper.sig
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\bihfcslr.dll
c:\windows\system32\bnksfowo.ini
c:\windows\system32\gygnqn.dll
c:\windows\system32\ifdrrsjk.dll
c:\windows\system32\jircas.dll
c:\windows\system32\jzxnhj.dll
c:\windows\system32\kxztij.dll
c:\windows\system32\kyqsrtet.dll
c:\windows\system32\LRtsvyxx.ini
c:\windows\system32\LRtsvyxx.ini2
c:\windows\system32\lwwpvkgy.dll
c:\windows\system32\mst120.dll
c:\windows\system32\nvhdpn.dll
c:\windows\system32\oeysqirr.dll
c:\windows\system32\ogckjr.dll
c:\windows\system32\omhttdbk.dll
c:\windows\system32\ophagz.dll
c:\windows\system32\owofsknb.dll
c:\windows\system32\ptvmfdbo.ini
c:\windows\system32\rriqsyeo.ini
c:\windows\system32\rrwagaxx.ini
c:\windows\system32\someeoux.dll
c:\windows\system32\tojegtxw.ini
c:\windows\system32\uidnleqv.ini
c:\windows\system32\urslisxa.ini
c:\windows\system32\usinibil.ini
c:\windows\system32\vkudfcjf.dll
c:\windows\system32\vqelndiu.dll
c:\windows\system32\wvUlmnKD.dll
c:\windows\system32\wxtgejot.dll
c:\windows\system32\xxyvstRL.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2008-12-30 00:04 . 2008-12-30 00:04 <DIR> d-------- c:\documents and settings\Timothy\Application Data\SystemRequirementsLab
2008-12-29 21:32 . 2008-12-29 21:32 0 --a------ c:\windows\nsreg.dat
2008-12-27 00:17 . 2008-12-27 00:17 <DIR> d-------- c:\program files\MSBuild
2008-12-27 00:14 . 2008-12-27 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-27 00:12 . 2008-12-27 00:12 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-27 00:12 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-27 00:04 . 2008-12-27 00:04 <DIR> d-------- c:\windows\system32\xlive
2008-12-24 00:11 . 2008-12-24 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 22:19 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:04 . 2008-12-22 22:09 250 --a------ c:\windows\wininit.ini
2008-12-22 17:44 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 17:37 . 2008-12-22 17:57 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Antispyware
2008-12-17 20:44 . 2008-12-17 20:44 304 --a------ C:\config.ini
2008-12-16 00:07 . 2008-12-16 00:06 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 00:07 . 2008-12-16 00:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 00:06 . 2008-12-16 00:06 <DIR> d-------- c:\program files\Java
2008-12-12 18:15 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-08 00:43 . 2008-12-08 00:43 <DIR> d-------- c:\documents and settings\YOUR_PROFILE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 02:33 --------- d-----w c:\program files\Common
2009-01-03 06:37 --------- d-----w c:\documents and settings\Timothy\Application Data\Xfire
2008-12-30 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-27 05:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 18:58 --------- d-----w c:\program files\Steam
2008-12-24 16:13 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-24 01:18 --------- d-----w c:\documents and settings\Timothy\Application Data\uTorrent
2008-12-11 01:38 --------- d-----w c:\program files\Teamspeak2_RC2
2008-11-23 12:24 --------- d-----w c:\documents and settings\Timothy\Application Data\dyyno-vlc
2008-11-23 12:03 --------- d-----w c:\program files\Dyyno
2008-11-19 22:58 --------- d-----w c:\documents and settings\Timothy\Application Data\acccore
2008-11-19 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 22:56 --------- d-----w c:\program files\Common Files\AOL
2008-11-19 22:29 --------- d-----w c:\program files\Activision
2008-11-18 13:52 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 01:09 --------- d-----w c:\documents and settings\Timothy\Application Data\Ventrilo
2008-11-12 01:08 --------- d-----w c:\program files\VentSrv
2008-11-12 01:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 01:05 --------- d-----w c:\program files\Ventrilo
2008-11-10 01:48 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-06 04:43 --------- d-----w c:\program files\DivX
2008-11-02 01:44 22,328 -c--a-w c:\documents and settings\Timothy\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TeamSpeak 2 Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TeamSpeak 2 Server.lnk
backup=c:\windows\pss\TeamSpeak 2 Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Timothy\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 21:50 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source sdk base\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Xfire\\xfire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\Timothy\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"e:\\Timmys\\srobot.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:TCP"= 28960:TCP:port
"28960:UDP"= 28960:UDP:port
"8767:TCP"= 8767:TCP:port
"8767:UDP"= 8767:UDP:port
"27015:TCP"= 27015:TCP:port
"27015:UDP"= 27015:UDP:port
"27017:TCP"= 27017:TCP:port
"27017:UDP"= 27017:UDP:port
"17402:TCP"= 17402:TCP:BitComet 17402 TCP
"17402:UDP"= 17402:UDP:BitComet 17402 UDP

S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\Timothy\LOCALS~1\Temp\{1735A~1\atiicdxx.sys --> c:\docume~1\Timothy\LOCALS~1\Temp\{1735A~1\atiicdxx.sys [?]
S3 NTProcDrv;Process creation detector for NT.;e:\timmys\NTProcDrv.sys [2008-11-25 3584]
S3 Revolution1;Revolution1;\??\c:\docume~1\Timothy\LOCALS~1\Temp\Rar$EX46.718\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\Timothy\LOCALS~1\Temp\Rar$EX46.718\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\At1.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At10.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At11.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At12.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At13.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At14.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-02 c:\windows\Tasks\At15.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At16.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At17.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At18.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-02 c:\windows\Tasks\At19.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At2.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At20.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At21.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At22.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At23.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At24.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At25.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At26.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At27.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At28.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At29.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At3.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At30.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At31.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At32.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At33.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At34.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At35.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At36.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At37.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At38.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-02 c:\windows\Tasks\At39.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At4.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At40.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At41.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At42.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-02 c:\windows\Tasks\At43.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At44.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At45.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At46.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At47.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At48.job
- c:\windows\system32\f2t3pukE.exe []

2009-01-03 c:\windows\Tasks\At5.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At6.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At7.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At8.job
- c:\windows\system32\j2stR6Q6.exe []

2009-01-03 c:\windows\Tasks\At9.job
- c:\windows\system32\j2stR6Q6.exe []

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-04 c:\windows\Tasks\ynfwvcxr.job
- c:\windows\system32\rundll32.exe [2004-08-04 00:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{77AB5974-55A3-4737-9FD5-B93C64307F78} - c:\windows\system32\someeoux.dll
BHO-{E7448600-2350-4FB5-A4E0-8C9190402DE4} - c:\windows\system32\xxyvstRL.dll
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-igndlm - c:\documents and settings\Timothy\My Documents\Download Manager\DLM.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-QuickTime Task - C:\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_09\bin\jusched.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\DyynoX.dll - O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F}
hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
c:\windows\Downloaded Program Files\DyynoCAB.inf
FF - ProfilePath - c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 21:38:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-03 21:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 02:40:04

Pre-Run: 4,185,251,840 bytes free
Post-Run: 4,290,994,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

354 --- E O F --- 2008-08-29 07:06:25

OTViewIt logfile created on: 1/3/2009 9:40:43 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 77.90% Memory free
3.60 Gb Paging File | 3.37 Gb Available in Paging File | 93.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.00 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.14 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/01/03 21:30:06 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF2523.exe
[2008/12/16 00:06:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2004/08/04 00:56:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2007/11/07 08:35:40 | 00,361,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
[2004/08/04 00:56:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/05/04 22:53:07 | 00,399,616 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\system32\drivers\EagleNt.sys -- (EagleNT [On_Demand | Stopped])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2005/02/23 15:08:16 | 00,003,584 | ---- | M] () -- E:\Timmys\NTProcDrv.sys -- (NTProcDrv [On_Demand | Stopped])
[2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Stopped])
[2006/01/18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1229123732672 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{7D21C6BB-BBE5-46AF-B43A-8CE0B001CB76} (Servers: | Description: 1394 Net Adapter)
{7F574659-2E40-437B-90E2-79166F658FE4} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/01/14 18:09:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/03 21:32:52 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/03 21:32:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/03 21:32:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/03 21:30:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/03 21:30:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/03 21:30:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/03 21:30:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/03 21:30:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/03 21:30:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/03 21:30:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/03 21:30:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/03 21:30:38 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/03 21:30:14 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/01/03 21:30:12 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2523.exe
[2009/01/03 21:28:09 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2008/12/31 19:18:10 | 00,713,381 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/30 00:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\SystemRequirementsLab
[2008/12/29 21:32:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Mozilla
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Mozilla
[2008/12/29 21:32:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/29 21:31:54 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 04:49:32 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\My Documents\My Games
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Fallout3
[2008/12/27 00:48:25 | 04,761,284 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:17:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/27 00:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/27 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/27 00:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2008/12/27 00:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/12/27 00:12:02 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2008/12/27 00:09:45 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/27 00:09:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/27 00:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2008/12/24 00:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\WinZip
[2008/12/24 00:12:35 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/24 00:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/24 00:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 22:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Malwarebytes
[2008/12/23 22:19:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:19:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 22:19:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/23 22:18:39 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/22 18:04:39 | 00,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 17:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Antispyware
[2008/12/21 20:45:36 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\ynfwvcxr.job
[2008/12/17 20:44:56 | 00,000,304 | ---- | C] () -- C:\config.ini
[2008/12/16 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 16:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Desktop\Tibba
[2008/12/12 18:15:58 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/11 15:37:44 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/03 21:40:12 | 00,022,449 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/03 21:38:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 21:38:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/03 21:37:45 | 00,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/03 21:37:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/03 21:37:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 21:37:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 21:32:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/03 21:30:06 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2523.exe
[2009/01/03 21:28:19 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/03 21:24:17 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\ynfwvcxr.job
[2009/01/03 17:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/01/03 17:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/01/03 16:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/01/03 16:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/01/03 15:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/01/03 15:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/01/03 13:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/01/03 13:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/01/03 12:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/01/03 12:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/01/03 11:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/01/03 11:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/01/03 10:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/01/03 10:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/01/03 09:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/01/03 09:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/01/03 08:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/01/03 08:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/01/03 07:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/01/03 07:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/01/03 06:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/01/03 06:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/01/03 05:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/01/03 05:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/01/03 04:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/01/03 04:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/01/03 03:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/01/03 03:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/01/03 02:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/01/03 02:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/01/03 01:00:04 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/01/03 01:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/01/03 00:39:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/01/03 00:19:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2009/01/02 23:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/01/02 23:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/01/02 22:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/01/02 22:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/01/02 21:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/01/02 21:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/01/02 20:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/01/02 20:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/01/02 19:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/01/02 19:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/01/02 18:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/01/02 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/01/02 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/01/02 14:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/01/01 01:24:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/31 19:18:11 | 00,713,381 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/31 02:18:11 | 00,001,326 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Silkroad.lnk
[2008/12/29 21:32:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:31:54 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 15:50:34 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 04:49:32 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:48:37 | 04,761,284 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:46:04 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/27 00:18:04 | 00,500,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/27 00:18:04 | 00,427,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/27 00:18:04 | 00,066,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/24 11:13:28 | 00,139,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/24 11:13:21 | 00,202,000 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/24 10:22:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\godeseju
[2008/12/24 00:12:35 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 22:19:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:18:46 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/23 19:58:44 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 22:09:36 | 00,000,250 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:38 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Spybot - Search & Destroy.lnk
[2008/12/17 20:44:56 | 00,000,304 | ---- | M] () -- C:\config.ini
[2008/12/15 01:35:56 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/11 15:37:44 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/12/09 20:03:18 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\µTorrent.lnk
[2008/12/08 01:58:24 | 05,885,870 | -H-- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\IconCache.db
< End of report >

#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 05 January 2009 - 04:56 PM

Hello.

Combofix took most of it out :thumbsup:

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\system32\j2stR6Q6.exe 
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\system32\f2t3pukE.exe 
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\ynfwvcxr.job
    
    Folder::
    C:\WINDOWS\System32\godeseju
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Submit File to Online Scanner

There is a file that I would like you to check out for me using VirusTotal/VirSCAN.
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other.
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • C:\WINDOWS\System32\CF2523.exe
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Post back with:
-Combofix log
-Virustotal/VIRScan log
-MBAM log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.
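The CFScript in the post above is a plain-text file made of File::, Folder:: and Registry:: sections. As an added example (not part of the post and not ComboFix's own code), here is a small Python parser for that format that summarizes what a script will touch before it is dragged onto ComboFix.exe: it rebuilds the script quoted above inline (the same 48 At*.job tasks, the two system32 executables, the randomly named job, the folder and the two Security Center values), separates the numbered AtN.job tasks from everything else in the File:: section, and checks that the Registry:: section resets AntiVirusDisableNotify and UpdatesDisableNotify to 0. The function names are my own; the sample script is constructed from the post.

```python
"""Parse a ComboFix CFScript (File:: / Folder:: / Registry:: sections) and
summarize what it would remove or change. Added example; not ComboFix code."""
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")          # e.g. "File::"
AT_JOB_RE = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")           # [HKEY_...\key]
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')   # "Name"=dword:00000000

SECURITY_CENTER_KEY = "hkey_local_machine\\software\\microsoft\\security center"


def build_sample_cfscript():
    """Constructed to match the script quoted in the post: At1..At48.job,
    two executables in system32, one random-named task, one folder, and two
    Security Center notification values reset to 0."""
    files = [f"c:\\windows\\Tasks\\At{i}.job" for i in range(1, 49)]
    files += ["c:\\windows\\system32\\j2stR6Q6.exe",
              "c:\\windows\\system32\\f2t3pukE.exe",
              "c:\\windows\\Tasks\\ynfwvcxr.job"]
    return ("File::\n" + "\n".join(files) + "\n\n"
            "Folder::\nC:\\WINDOWS\\System32\\godeseju\n\n"
            "Registry::\n"
            "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
            '"AntiVirusDisableNotify"=dword:00000000\n'
            '"UpdatesDisableNotify"=dword:00000000\n')


def parse_cfscript(text):
    """Return {section_name: [non-blank lines]} for a CFScript body."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # the post's copy is indented; ignore that
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def parse_registry_section(lines):
    """Return {lowercased key path: {value name: value text}}."""
    keys, key = {}, None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            keys.setdefault(key, {})
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            keys[key][m.group(1)] = m.group(2)
    return keys


def summarize_file_section(paths):
    """Split File:: entries into numbered AtN.job tasks, other job files in
    the Tasks folder, and files outside the Tasks folder."""
    at_numbers, other_jobs, non_task = [], [], []
    for path in paths:
        parent, _, name = path.replace("/", "\\").rpartition("\\")
        if parent.lower().endswith("\\tasks"):
            m = AT_JOB_RE.match(name)
            if m:
                at_numbers.append(int(m.group(1)))
            else:
                other_jobs.append(name)
        else:
            non_task.append(path)
    return {"at_jobs": sorted(at_numbers),
            "other_jobs": other_jobs,
            "non_task_files": non_task}


def security_center_notify_restored(reg):
    """True when both Security Center *DisableNotify values are set back to 0."""
    sc = reg.get(SECURITY_CENTER_KEY, {})
    return all(sc.get(v) == "dword:00000000"
               for v in ("AntiVirusDisableNotify", "UpdatesDisableNotify"))


if __name__ == "__main__":
    sections = parse_cfscript(build_sample_cfscript())
    summary = summarize_file_section(sections.get("File", []))
    print(f"AtN.job tasks: {len(summary['at_jobs'])} "
          f"(At{summary['at_jobs'][0]}..At{summary['at_jobs'][-1]})")
    print("other jobs:", summary["other_jobs"])
    print("files outside Tasks:", summary["non_task_files"])
    print("folders:", sections.get("Folder", []))
    reg = parse_registry_section(sections.get("Registry", []))
    print("Security Center notifications restored:",
          security_center_notify_restored(reg))
```

Running it prints the counts and paths the script names, which is a quick way to review a CFScript before it runs: every File:: and Folder:: entry is deleted as written, so a typo or an over-broad path in that list is worth catching beforehand.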


#7 ssj2gohan78

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:12 AM

Posted 05 January 2009 - 07:18 PM

I went to both of the VirusTotal/VirSCAN websites and they said the file cannot be found, but here are the other 4 logs you asked for.


ComboFix 09-01-05.03 - Timothy 2009-01-05 19:00:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1430 [GMT -5:00]
Running from: c:\documents and settings\Timothy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Timothy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\f2t3pukE.exe
c:\windows\system32\j2stR6Q6.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\ynfwvcxr.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\godeseju\
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\ynfwvcxr.job

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2008-12-30 00:04 . 2008-12-30 00:04 <DIR> d-------- c:\documents and settings\Timothy\Application Data\SystemRequirementsLab
2008-12-29 21:32 . 2008-12-29 21:32 0 --a------ c:\windows\nsreg.dat
2008-12-27 00:17 . 2008-12-27 00:17 <DIR> d-------- c:\program files\MSBuild
2008-12-27 00:14 . 2008-12-27 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-27 00:12 . 2008-12-27 00:12 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-27 00:12 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-27 00:04 . 2008-12-27 00:04 <DIR> d-------- c:\windows\system32\xlive
2008-12-24 00:11 . 2008-12-24 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 22:19 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:04 . 2008-12-22 22:09 250 --a------ c:\windows\wininit.ini
2008-12-22 17:44 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 17:37 . 2008-12-22 17:57 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Antispyware
2008-12-17 20:44 . 2008-12-17 20:44 304 --a------ C:\config.ini
2008-12-16 00:07 . 2008-12-16 00:06 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 00:07 . 2008-12-16 00:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 00:06 . 2008-12-16 00:06 <DIR> d-------- c:\program files\Java
2008-12-12 18:15 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-08 00:43 . 2008-12-08 00:43 <DIR> d-------- c:\documents and settings\YOUR_PROFILE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 18:26 --------- d-----w c:\documents and settings\Timothy\Application Data\Xfire
2009-01-05 18:12 --------- d-----w c:\documents and settings\Timothy\Application Data\uTorrent
2009-01-04 02:33 --------- d-----w c:\program files\Common
2008-12-30 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-27 05:46 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-27 05:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 18:58 --------- d-----w c:\program files\Steam
2008-12-24 16:13 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-24 16:13 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-11 01:38 --------- d-----w c:\program files\Teamspeak2_RC2
2008-11-23 12:24 --------- d-----w c:\documents and settings\Timothy\Application Data\dyyno-vlc
2008-11-23 12:03 --------- d-----w c:\program files\Dyyno
2008-11-19 22:58 --------- d-----w c:\documents and settings\Timothy\Application Data\acccore
2008-11-19 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 22:56 --------- d-----w c:\program files\Common Files\AOL
2008-11-19 22:29 --------- d-----w c:\program files\Activision
2008-11-18 13:52 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 01:09 --------- d-----w c:\documents and settings\Timothy\Application Data\Ventrilo
2008-11-12 01:08 --------- d-----w c:\program files\VentSrv
2008-11-12 01:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 01:05 --------- d-----w c:\program files\Ventrilo
2008-11-10 01:48 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-06 04:43 --------- d-----w c:\program files\DivX
2008-11-02 01:44 22,328 -c--a-w c:\documents and settings\Timothy\Application Data\PnkBstrK.sys
2008-11-02 01:43 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-11-02 01:43 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-03_21.39.21.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-04 02:31:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 22:40:05 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-04 02:31:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-05 22:40:05 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-04 21:04:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_680.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TeamSpeak 2 Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TeamSpeak 2 Server.lnk
backup=c:\windows\pss\TeamSpeak 2 Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Timothy\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 21:50 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source sdk base\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Xfire\\xfire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\Timothy\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"e:\\Timmys\\srobot.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:TCP"= 28960:TCP:port
"28960:UDP"= 28960:UDP:port
"8767:TCP"= 8767:TCP:port
"8767:UDP"= 8767:UDP:port
"27015:TCP"= 27015:TCP:port
"27015:UDP"= 27015:UDP:port
"27017:TCP"= 27017:TCP:port
"27017:UDP"= 27017:UDP:port
"17402:TCP"= 17402:TCP:BitComet 17402 TCP
"17402:UDP"= 17402:UDP:BitComet 17402 UDP

S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\Timothy\LOCALS~1\Temp\{1735A~1\atiicdxx.sys --> c:\docume~1\Timothy\LOCALS~1\Temp\{1735A~1\atiicdxx.sys [?]
S3 NTProcDrv;Process creation detector for NT.;e:\timmys\NTProcDrv.sys [2008-11-25 3584]
S3 Revolution1;Revolution1;\??\c:\docume~1\Timothy\LOCALS~1\Temp\Rar$EX46.718\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\docume~1\Timothy\LOCALS~1\Temp\Rar$EX46.718\gb\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\DyynoX.dll - O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F}
hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
c:\windows\Downloaded Program Files\DyynoCAB.inf
FF - ProfilePath - c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 19:03:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\wbem\wbemcomn.dll
.
Completion time: 2009-01-05 19:04:10
ComboFix-quarantined-files.txt 2009-01-06 00:03:54
ComboFix2.txt 2009-01-04 02:40:21

Pre-Run: 1,439,584,256 bytes free
Post-Run: 1,485,950,976 bytes free

310 --- E O F --- 2008-08-29 07:06:25

Malwarebytes' Anti-Malware 1.31
Database version: 1538
Windows 5.1.2600 Service Pack 2

1/5/2009 7:08:07 PM
mbam-log-2009-01-05 (19-08-07).txt

Scan type: Quick Scan
Objects scanned: 45837
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTViewIt logfile created on: 1/5/2009 7:04:42 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 78.90% Memory free
3.60 Gb Paging File | 3.27 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.43 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.14 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/12/16 00:06:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 00:56:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/05/04 22:53:07 | 00,399,616 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\system32\drivers\EagleNt.sys -- (EagleNT [On_Demand | Stopped])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2005/02/23 15:08:16 | 00,003,584 | ---- | M] () -- E:\Timmys\NTProcDrv.sys -- (NTProcDrv [On_Demand | Stopped])
[2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Stopped])
[2006/01/18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1229123732672 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{7D21C6BB-BBE5-46AF-B43A-8CE0B001CB76} (Servers: | Description: 1394 Net Adapter)
{7F574659-2E40-437B-90E2-79166F658FE4} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/01/14 18:09:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/03 21:32:52 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/03 21:32:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/03 21:32:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/03 21:30:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/03 21:30:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/03 21:30:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/03 21:30:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/03 21:30:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/03 21:30:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/03 21:30:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/03 21:30:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/03 21:30:38 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/03 21:28:09 | 02,890,241 | R--- | C] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2008/12/31 19:18:10 | 00,713,381 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/30 00:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\SystemRequirementsLab
[2008/12/29 21:32:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Mozilla
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Mozilla
[2008/12/29 21:32:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/29 21:31:54 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 04:49:32 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\My Documents\My Games
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Fallout3
[2008/12/27 00:48:25 | 04,761,284 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:17:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/27 00:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/27 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/27 00:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2008/12/27 00:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/12/27 00:12:02 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2008/12/27 00:09:45 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/27 00:09:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/27 00:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2008/12/24 00:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\WinZip
[2008/12/24 00:12:35 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/24 00:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/24 00:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 22:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Malwarebytes
[2008/12/23 22:19:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:19:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 22:19:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/23 22:18:39 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/22 18:04:39 | 00,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 17:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Antispyware
[2008/12/17 20:44:56 | 00,000,304 | ---- | C] () -- C:\config.ini
[2008/12/16 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 16:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Desktop\Tibba
[2008/12/12 18:15:58 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/11 15:37:44 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/05 19:04:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 19:03:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/05 18:59:17 | 02,890,241 | R--- | M] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/04 16:06:09 | 00,022,449 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/04 16:04:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/04 16:04:17 | 00,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/04 16:03:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 21:37:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/03 21:32:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2009/01/01 01:24:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/31 19:18:11 | 00,713,381 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/31 02:18:11 | 00,001,326 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Silkroad.lnk
[2008/12/29 21:32:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:31:54 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 15:50:34 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 04:49:32 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:48:37 | 04,761,284 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:46:04 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/27 00:18:04 | 00,500,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/27 00:18:04 | 00,427,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/27 00:18:04 | 00,066,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/24 11:13:28 | 00,139,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/24 11:13:21 | 00,202,000 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/24 10:22:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\godeseju
[2008/12/24 00:12:35 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 22:19:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:18:46 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/23 19:58:44 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 22:09:36 | 00,000,250 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:38 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Spybot - Search & Destroy.lnk
[2008/12/17 20:44:56 | 00,000,304 | ---- | M] () -- C:\config.ini
[2008/12/15 01:35:56 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/11 15:37:44 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/12/09 20:03:18 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\µTorrent.lnk
[2008/12/08 01:58:24 | 05,885,870 | -H-- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\IconCache.db
< End of report >


OTViewIt Extras logfile created on: 1/5/2009 7:04:42 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 78.90% Memory free
3.60 Gb Paging File | 3.27 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.43 Gb Free Space | 3.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.14 Gb Free Space | 39.49% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/12/24 11:13:21 | 00,202,000 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/11/09 21:56:47 | 00,462,336 | ---- | M] () -- C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
[2008/12/09 20:03:10 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/07/04 19:31:30 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source sdk base\hl2.exe:*:Enabled:hl2
[2007/11/19 14:13:12 | 00,274,432 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2008/10/21 23:16:20 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\team fortress 2\hl2.exe:*:Enabled:hl2
[2008/12/24 13:57:53 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\garrysmod\hl2.exe:*:Enabled:hl2
[2008/08/28 00:42:06 | 00,132,344 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source 2007 dedicated server\srcds.exe:*:Enabled:srcds
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/11/07 09:30:40 | 05,488,640 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™
[2008/11/09 23:47:14 | 05,444,880 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™
[2008/12/11 15:37:40 | 02,990,416 | ---- | M] (Xfire Inc.) -- E:\Xfire\xfire.exe:*:Enabled:Xfire
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/11/23 07:03:33 | 00,628,024 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application
[2008/11/11 16:49:55 | 00,065,536 | ---- | M] () -- E:\Timmys\srobot.exe:*:Enabled:HookSrv
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}"=Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{706A6867-6CCB-4280-A1E3-BAFBA688D70E}"=MapleStory
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}"=Call of Duty® 2 Patch 1.3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{AC76BA86-7AD7-1033-7B44-A81100000003}"=Adobe Reader 8.1.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"CABAL Online_is1"=CABAL Online
"CamStudio"=CamStudio
"ComcastHSI"=Comcast High-Speed Internet Install Wizard
"DyynoPlayer"=DyynoPlayer 0.8.6f
"Guild Wars"=Guild Wars
"Half-Life Dedicated Server Update Tool"=Half-Life Dedicated Server Update Tool
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PunkBusterSvc"=PunkBuster Services
"Silkroad"=Silkroad
"Steam App 310"=Team Fortress 2 Dedicated Server
"Steam App 4000"=Garry's Mod
"Steam App 440"=Team Fortress 2
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1"=TeamSpeak 2 Server RC2
"VLC media player"=VideoLAN VLC media player 0.8.6f
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2008 2:58:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module libvlc.dll, version 0.0.0.0, fault address 0x0007cd07.

Error - 12/4/2008 4:02:00 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2008 4:02:01 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 5:37:10 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x001e86b6.

Error - 12/15/2008 3:44:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x0005f369.

Error - 12/18/2008 5:21:33 AM | Computer Name = TIM-74162D787E8 | Source = MsiInstaller | ID = 11706
Description = Product: MapleStory -- Error 1706.No valid source could be found for
product MapleStory. The Windows Installer cannot continue.

Error - 12/22/2008 9:59:36 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
gebspmgx.dll, version 1.2.626.1, fault address 0x00057e43.

Error - 12/22/2008 10:54:05 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x0025411c.

Error - 12/24/2008 7:17:54 AM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2008 6:08:43 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x00254120.

[ System Events ]
Error - 1/5/2009 4:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 5:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 5:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 6:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 6:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:02:03 PM | Computer Name = TIM-74162D787E8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
-Embedding

Error - 1/5/2009 8:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 8:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402


< End of report >

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 AM

Posted 06 January 2009 - 04:44 PM

Hello.

Log looks good. A bit more to do before we are done :thumbsup:

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case U-Torrent). These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Some leftover entries we can take care of now.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Driver::
    ATICDSDr
    Revolution1
    XDva215
    XDva037
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{D0943516-5076-4020-A3B5-AEFAF26AB263}"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-Combofix log
-Kaspersky log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 ssj2gohan78

ssj2gohan78
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 09 January 2009 - 08:31 PM

When I was doing the Kaspersky scan I guess I had McAfee still going, so in the middle of the scan, around 50-something %, McAfee said it deleted a Vundo thing, so I clicked OK and when I looked down at IE it had closed.... So here are the other logs you asked for; I'm doing another Kaspersky scan right now with McAfee off, so I'll get that to you once it's done.


ComboFix 09-01-08.05 - Timothy 2009-01-09 18:16:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1391 [GMT -5:00]
Running from: c:\documents and settings\Timothy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Timothy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATICDSDR
-------\Legacy_REVOLUTION1
-------\Legacy_XDVA037
-------\Legacy_XDVA215
-------\Service_ATICDSDr
-------\Service_Revolution1
-------\Service_XDva037
-------\Service_XDva215


((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2008-12-30 00:04 . 2008-12-30 00:04 <DIR> d-------- c:\documents and settings\Timothy\Application Data\SystemRequirementsLab
2008-12-29 21:32 . 2008-12-29 21:32 0 --a------ c:\windows\nsreg.dat
2008-12-27 00:17 . 2008-12-27 00:17 <DIR> d-------- c:\program files\MSBuild
2008-12-27 00:14 . 2008-12-27 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-27 00:13 . 2008-12-27 00:13 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-27 00:12 . 2008-12-27 00:12 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-27 00:12 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-27 00:04 . 2008-12-27 00:04 <DIR> d-------- c:\windows\system32\xlive
2008-12-24 00:11 . 2008-12-24 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-23 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 22:19 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 22:19 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:04 . 2008-12-22 22:09 250 --a------ c:\windows\wininit.ini
2008-12-22 17:44 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 17:37 . 2008-12-22 17:57 <DIR> d-------- c:\documents and settings\Timothy\Application Data\Antispyware
2008-12-17 20:44 . 2008-12-17 20:44 304 --a------ C:\config.ini
2008-12-16 00:07 . 2008-12-16 00:06 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 00:07 . 2008-12-16 00:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 00:06 . 2008-12-16 00:06 <DIR> d-------- c:\program files\Java
2008-12-12 18:15 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 00:29 --------- d-----w c:\documents and settings\Timothy\Application Data\Xfire
2009-01-07 02:23 --------- d-----w c:\documents and settings\Timothy\Application Data\uTorrent
2009-01-06 06:50 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-06 04:24 --------- d-----w c:\program files\Steam
2009-01-04 02:33 --------- d-----w c:\program files\Common
2008-12-30 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-27 05:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 01:38 --------- d-----w c:\program files\Teamspeak2_RC2
2008-11-23 12:24 --------- d-----w c:\documents and settings\Timothy\Application Data\dyyno-vlc
2008-11-23 12:03 --------- d-----w c:\program files\Dyyno
2008-11-19 22:58 --------- d-----w c:\documents and settings\Timothy\Application Data\acccore
2008-11-19 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-19 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 22:56 --------- d-----w c:\program files\Common Files\AOL
2008-11-19 22:29 --------- d-----w c:\program files\Activision
2008-11-18 13:52 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 01:09 --------- d-----w c:\documents and settings\Timothy\Application Data\Ventrilo
2008-11-12 01:08 --------- d-----w c:\program files\VentSrv
2008-11-12 01:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 01:05 --------- d-----w c:\program files\Ventrilo
2008-11-10 01:48 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-02 01:44 22,328 -c--a-w c:\documents and settings\Timothy\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-03_21.39.21.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-04 02:31:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-09 19:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-04 02:31:53 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-09 19:15:48 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-24 16:13:21 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2009-01-06 06:50:25 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2009-01-09 23:19:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TeamSpeak 2 Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TeamSpeak 2 Server.lnk
backup=c:\windows\pss\TeamSpeak 2 Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Timothy\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-07 21:50 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source sdk base\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\ssj2gohan78\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Xfire\\xfire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\Timothy\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"e:\\Timmys\\srobot.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:TCP"= 28960:TCP:port
"28960:UDP"= 28960:UDP:port
"8767:TCP"= 8767:TCP:port
"8767:UDP"= 8767:UDP:port
"27015:TCP"= 27015:TCP:port
"27015:UDP"= 27015:UDP:port
"27017:TCP"= 27017:TCP:port
"27017:UDP"= 27017:UDP:port
"17402:TCP"= 17402:TCP:BitComet 17402 TCP
"17402:UDP"= 17402:UDP:BitComet 17402 UDP

S3 NTProcDrv;Process creation detector for NT.;e:\timmys\NTProcDrv.sys [2008-11-25 3584]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com

c:\windows\Downloaded Program Files\DyynoX.dll - O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F}
hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
c:\windows\Downloaded Program Files\DyynoCAB.inf
FF - ProfilePath - c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\documents and settings\Timothy\Application Data\Mozilla\Firefox\Profiles\baylvnc3.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 18:20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-09 18:22:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-09 23:22:22
ComboFix2.txt 2009-01-06 00:04:11
ComboFix3.txt 2009-01-04 02:40:21

Pre-Run: 3,647,291,392 bytes free
Post-Run: 3,639,087,104 bytes free

211 --- E O F --- 2008-08-29 07:06:25


OTViewIt logfile created on: 1/9/2009 6:23:17 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 77.31% Memory free
3.60 Gb Paging File | 3.35 Gb Available in Paging File | 93.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.40 Gb Free Space | 9.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.13 Gb Free Space | 39.47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/12/16 00:06:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 00:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/16 00:06:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [On_Demand | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 13:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/29 15:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/05/04 22:53:07 | 00,399,616 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\system32\drivers\EagleNt.sys -- (EagleNT [On_Demand | Stopped])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2005/02/23 15:08:16 | 00,003,584 | ---- | M] () -- E:\Timmys\NTProcDrv.sys -- (NTProcDrv [On_Demand | Stopped])
[2008/05/16 13:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Stopped])
[2006/01/18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = actsvr.comcastonline.com

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.srtest.com/srl_bin/sysreqlab_srl.cab -- System Requirements Lab Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1229123732672 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{7D21C6BB-BBE5-46AF-B43A-8CE0B001CB76} (Servers: | Description: 1394 Net Adapter)
{7F574659-2E40-437B-90E2-79166F658FE4} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/01/14 18:09:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/06 23:34:48 | 00,103,697 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\Untitled.jpg
[2009/01/03 21:32:52 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/03 21:32:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/03 21:32:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/03 21:30:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/03 21:30:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/03 21:30:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/03 21:30:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/03 21:30:38 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/03 21:30:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/03 21:30:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/03 21:30:38 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/03 21:30:38 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/03 21:30:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/03 21:28:09 | 02,913,912 | R--- | C] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/03 00:11:20 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2008/12/31 19:18:10 | 00,713,381 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/30 00:04:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\SystemRequirementsLab
[2008/12/29 21:32:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Mozilla
[2008/12/29 21:32:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Mozilla
[2008/12/29 21:32:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:32:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/29 21:31:54 | 07,518,240 | ---- | C] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 04:49:32 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\My Documents\My Games
[2008/12/27 00:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Fallout3
[2008/12/27 00:48:25 | 04,761,284 | ---- | C] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:17:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/12/27 00:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/27 00:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/27 00:13:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2008/12/27 00:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/12/27 00:12:02 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2008/12/27 00:09:45 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/27 00:09:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/27 00:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2008/12/24 00:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Local Settings\Application Data\WinZip
[2008/12/24 00:12:35 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/24 00:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/24 00:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2008/12/23 22:19:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Malwarebytes
[2008/12/23 22:19:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:19:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 22:19:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/23 22:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/23 22:18:39 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/22 18:04:39 | 00,000,250 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 17:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Application Data\Antispyware
[2008/12/17 20:44:56 | 00,000,304 | ---- | C] () -- C:\config.ini
[2008/12/16 00:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 16:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Timothy\Desktop\Tibba
[2008/12/12 18:15:58 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/11 15:37:44 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/09 18:22:26 | 00,022,449 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/09 18:20:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/09 18:20:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/09 18:19:59 | 00,127,254 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/09 18:19:45 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/09 18:19:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/09 18:19:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/09 18:15:39 | 02,913,912 | R--- | M] () -- C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
[2009/01/06 23:36:06 | 00,103,697 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Untitled.jpg
[2009/01/06 21:22:04 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 01:50:32 | 00,139,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/01/06 01:50:25 | 00,202,000 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/01/05 23:18:34 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/01/03 21:32:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/01/03 00:11:20 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy\Desktop\OTViewIt.exe
[2009/01/01 01:24:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/31 19:18:11 | 00,713,381 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\C19H28O2.v7.13.zip
[2008/12/31 02:18:11 | 00,001,326 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Silkroad.lnk
[2008/12/29 21:32:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 21:32:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/29 21:31:54 | 07,518,240 | ---- | M] (Mozilla) -- C:\Documents and Settings\Timothy\Desktop\Firefox Setup 3.0.5.exe
[2008/12/27 15:50:34 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 04:49:32 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Shortcut to FalloutLauncher.lnk
[2008/12/27 00:48:37 | 04,761,284 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\rld-fou3.7z
[2008/12/27 00:46:04 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/27 00:18:04 | 00,500,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/27 00:18:04 | 00,427,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/27 00:18:04 | 00,066,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/24 10:22:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\godeseju
[2008/12/24 00:12:35 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2008/12/23 22:19:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 22:18:46 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Timothy\Desktop\mbam-setup.exe
[2008/12/22 22:09:36 | 00,000,250 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/22 17:44:38 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Timothy\Desktop\Spybot - Search & Destroy.lnk
[2008/12/17 20:44:56 | 00,000,304 | ---- | M] () -- C:\config.ini
[2008/12/15 01:35:56 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/12/11 15:37:44 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
< End of report >


OTViewIt Extras logfile created on: 1/9/2009 6:23:17 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Timothy\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 77.31% Memory free
3.60 Gb Paging File | 3.35 Gb Available in Paging File | 93.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.40 Gb Free Space | 9.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 38.33 Gb Total Space | 15.13 Gb Free Space | 39.47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-74162D787E8
Current User Name: Timothy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/01 20:43:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2009/01/06 01:50:25 | 00,202,000 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/11/09 21:56:47 | 00,462,336 | ---- | M] () -- C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
[2008/12/09 20:03:10 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/07/04 19:31:30 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source sdk base\hl2.exe:*:Enabled:hl2
[2007/11/19 14:13:12 | 00,274,432 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2009/01/05 23:23:53 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\team fortress 2\hl2.exe:*:Enabled:hl2
[2008/12/24 13:57:53 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\garrysmod\hl2.exe:*:Enabled:hl2
[2008/08/28 00:42:06 | 00,132,344 | ---- | M] () -- C:\Program Files\Steam\steamapps\ssj2gohan78\source 2007 dedicated server\srcds.exe:*:Enabled:srcds
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/11/10 10:23:50 | 01,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/11/07 09:30:40 | 05,488,640 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™
[2008/11/09 23:47:14 | 05,444,880 | ---- | M] (Activision Blizzard, Inc.) -- C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™
[2008/12/11 15:37:40 | 02,990,416 | ---- | M] (Xfire Inc.) -- E:\Xfire\xfire.exe:*:Enabled:Xfire
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/11/23 07:03:33 | 00,628,024 | ---- | M] () -- C:\Documents and Settings\Timothy\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application
[2008/11/11 16:49:55 | 00,065,536 | ---- | M] () -- E:\Timmys\srobot.exe:*:Enabled:HookSrv
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}"=Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{706A6867-6CCB-4280-A1E3-BAFBA688D70E}"=MapleStory
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}"=Call of Duty® 2 Patch 1.3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}"=Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{AC76BA86-7AD7-1033-7B44-A81100000003}"=Adobe Reader 8.1.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"AIM_6"=AIM 6
"CABAL Online_is1"=CABAL Online
"CamStudio"=CamStudio
"ComcastHSI"=Comcast High-Speed Internet Install Wizard
"DyynoPlayer"=DyynoPlayer 0.8.6f
"Guild Wars"=Guild Wars
"Half-Life Dedicated Server Update Tool"=Half-Life Dedicated Server Update Tool
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}"=Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PunkBusterSvc"=PunkBuster Services
"Silkroad"=Silkroad
"Steam App 310"=Team Fortress 2 Dedicated Server
"Steam App 4000"=Garry's Mod
"Steam App 440"=Team Fortress 2
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1"=TeamSpeak 2 Server RC2
"VLC media player"=VideoLAN VLC media player 0.8.6f
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2008 2:58:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module libvlc.dll, version 0.0.0.0, fault address 0x0007cd07.

Error - 12/4/2008 4:02:00 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2008 4:02:01 PM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2008 5:37:10 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x001e86b6.

Error - 12/15/2008 3:44:19 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application codwawmp.exe, version 1.0.0.1, faulting module
codwawmp.exe, version 1.0.0.1, fault address 0x0005f369.

Error - 12/18/2008 5:21:33 AM | Computer Name = TIM-74162D787E8 | Source = MsiInstaller | ID = 11706
Description = Product: MapleStory -- Error 1706.No valid source could be found for
product MapleStory. The Windows Installer cannot continue.

Error - 12/22/2008 9:59:36 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
gebspmgx.dll, version 1.2.626.1, fault address 0x00057e43.

Error - 12/22/2008 10:54:05 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x0025411c.

Error - 12/24/2008 7:17:54 AM | Computer Name = TIM-74162D787E8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2008 6:08:43 PM | Computer Name = TIM-74162D787E8 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x00254120.

[ System Events ]
Error - 1/5/2009 5:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 6:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 6:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 7:02:03 PM | Computer Name = TIM-74162D787E8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}.
The
error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe
-Embedding

Error - 1/5/2009 8:00:01 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 1/5/2009 8:00:02 PM | Computer Name = TIM-74162D787E8 | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 1/7/2009 12:34:44 AM | Computer Name = TIM-74162D787E8 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 1/9/2009 7:20:09 PM | Computer Name = TIM-74162D787E8 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3


< End of report >
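Working through a log like the one above by eye is error-prone, so here is a small triage script for the OTViewIt file-list format. It is an added example, not part of the original post and not a tool from OldTimer or the forum helpers. It parses the `[date | size | attrs | C/M] (company) -- path` entries, applies a few heuristics that a log reader applies by hand (file under System32 with no publisher string, hidden attribute set, no extension, random-looking lowercase name) and reports entries that cross a score threshold for manual review. The sample input is a handful of lines copied from the "Files - Modified Within 30 Days" section above; the heuristics and the threshold are my own assumptions, not a verdict on any file.

```python
import re
from datetime import datetime

# Sample input: lines copied from the OTViewIt "Files - Modified Within 30 Days"
# section of the post above, plus one summary line that the parser should skip.
SAMPLE_LINES = r"""
[2009/01/09 18:19:45 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/06 01:50:32 | 00,139,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/27 00:46:04 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/24 10:22:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\godeseju
[2008/12/11 15:37:44 | 00,042,320 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[1 C:\WINDOWS\System32\*.tmp files]
"""

# One OTViewIt file entry: "[date time | size | RHSD attrs | C or M] (company) -- path"
# with an optional trailing " -- [ NTFS ]" as seen in the Autorun Files section.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)

SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def parse_entry(line):
    """Return a dict for one file entry, or None for lines in another format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],          # positions: R(eadonly) H(idden) S(ystem) D(irectory)
        "kind": m["kind"],            # C = created, M = modified
        "company": m["company"].strip(),
        "path": m["path"],
    }


def parse_report(text):
    """Parse every recognisable file entry in a block of OTViewIt output."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage_reasons(entry):
    """Heuristic reasons (my assumptions, not signatures) to look twice at an entry."""
    reasons = []
    name = entry["path"].rsplit("\\", 1)[-1]
    stem = name.split(".")[0]
    in_system32 = entry["path"].lower().startswith(SYSTEM32_PREFIX)
    if in_system32 and not entry["company"]:
        reasons.append("no publisher string on a file under System32")
    if "H" in entry["attrs"]:
        reasons.append("hidden attribute set")
    if "." not in name:
        reasons.append("no file extension")
    if re.fullmatch(r"[a-z]{6,10}", stem):
        reasons.append("random-looking lowercase name")
    return reasons


def flag_for_review(entries, threshold=3):
    """Paths whose heuristic score reaches the threshold; legitimate files such as
    the hosts file score below it because they trip only one or two heuristics."""
    return [e["path"] for e in entries if len(triage_reasons(e)) >= threshold]


if __name__ == "__main__":
    entries = parse_report(SAMPLE_LINES)
    for e in entries:
        reasons = triage_reasons(e)
        print(f"{e['path']}: score={len(reasons)} {reasons}")
    print("Review:", flag_for_review(entries))
```

The threshold is deliberately conservative: an unsigned file under System32 is common on a Windows XP box (the hosts file and many third-party drivers carry no version resource), so a single heuristic should never flag anything on its own. The point is to surface the one entry that combines several oddities, which is exactly the kind of line a Malware Response Team member picks out by eye.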

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:12 AM

Posted 09 January 2009 - 10:01 PM

Hello.

Log looks good. Thanks for letting me know. I need to see the Kaspersky scan log; that is why I told you to disable your real-time protection first. :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#11 ssj2gohan78

ssj2gohan78
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 10 January 2009 - 01:58 AM

Sorry it took so long, here is the Kaspersky log.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 10, 2009 00:14:59
Records in database: 1596091
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Files scanned: 90491
Threat name: 13
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 05:34:00


File name / Threat name / Threats count
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220214-967.dll Infected: Trojan.Win32.Monder.agej 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220218-545.dll Infected: Trojan-Downloader.Win32.BHO.afr 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220256-343.dll Infected: Trojan.Win32.Monder.agej 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220300-429.dll Infected: Trojan-Downloader.Win32.BHO.afr 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220429-117.dll Infected: Trojan.Win32.Monder.agej 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifdrrsjk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fpf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jircas.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jzxnhj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxztij.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fpf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kyqsrtet.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lwwpvkgy.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mst120.dll.vir Infected: Trojan-Downloader.Win32.DlKroha.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvhdpn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fpv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oeysqirr.dll.vir Infected: Trojan.Win32.Monder.agtu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogckjr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fou 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\omhttdbk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fpv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ophagz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\owofsknb.dll.vir Infected: Trojan.Win32.Monder.agtu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\someeoux.dll.vir Infected: Trojan.Win32.Monder.agdp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vkudfcjf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vqelndiu.dll.vir Infected: Trojan.Win32.Monder.agtu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUlmnKD.dll.vir Infected: Trojan.Win32.Monderb.acew 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxtgejot.dll.vir Infected: Trojan.Win32.Monder.agbj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyvstRL.dll.vir Infected: Trojan.Win32.Monder.agap 1

The selected area was scanned.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:12 AM

Posted 10 January 2009 - 12:00 PM

Hello.

Log looks good. Kaspersky found some quarantined files and backups from ComboFix and HijackThis. No need to worry about that. We will now remove ComboFix and the tools we have used.

Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix

Remove ComboFix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, select "2".
This will remove files/folders associated with ComboFix and uninstall it.

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
You may delete the tool after use.


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Increase System Performance

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of hacks/Trojans use methods (plugged by the updates) that have not been stopped because people do not update.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
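The point made in the post above, that every Kaspersky hit sits in ComboFix's quarantine (C:\Qoobox\Quarantine\...\*.vir) or in HijackThis's backups folder and therefore needs no action, is the kind of check worth automating when triaging scan reports. The script below is an added example for this thread, not the poster's or any tool's own code: it parses Kaspersky Online Scanner 7 detection lines, labels each path as contained or live, and lists only the live ones. The two containment path patterns are taken from the log above; the System Restore pattern is an assumption, and the sample report is constructed from a few lines of the real log plus one made-up "live" line so the difference shows.

```python
"""Triage a Kaspersky Online Scanner 7 report.

Added example, not the thread's own code. Separates detections that
live in ComboFix's quarantine (C:\\Qoobox\\Quarantine\\...\\*.vir) or in
HijackThis's backups folder (inert copies) from detections on files
Windows could still load. The System Restore pattern is an assumption.
"""
import re
from collections import Counter

# One detection line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Locations where a hit is a stored copy rather than an active file.
CONTAINED_LOCATIONS = (
    (re.compile(r"\\Qoobox\\Quarantine\\.*\.vir$", re.I), "combofix-quarantine"),
    (re.compile(r"\\HijackThis\\backups\\", re.I), "hijackthis-backup"),
    # Assumed: System Restore points also hold inert copies of removed files.
    (re.compile(r"\\System Volume Information\\", re.I), "system-restore"),
)


def classify_path(path: str) -> str:
    """Return the containment label for a path, or 'live' if none matches."""
    for pattern, label in CONTAINED_LOCATIONS:
        if pattern.search(path):
            return label
    return "live"


def parse_report(text: str) -> list:
    """Extract detection records from the report; header/footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        threat = m.group("threat")
        findings.append({
            "path": m.group("path"),
            "threat": threat,
            "count": int(m.group("count")),
            # Kaspersky prefixes adware/riskware with "not-a-virus:"
            "adware": threat.startswith("not-a-virus:"),
            "location": classify_path(m.group("path")),
        })
    return findings


def triage(text: str) -> dict:
    """Summarise findings by location and list only the ones that need action."""
    findings = parse_report(text)
    return {
        "total": len(findings),
        "by_location": dict(Counter(f["location"] for f in findings)),
        "live": [f for f in findings if f["location"] == "live"],
    }


# Constructed sample: four lines copied from the report in the thread plus
# one made-up live hit (the system32 file name is invented for illustration).
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 90491
Infected objects: 24

File name / Threat name / Threats count
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220214-967.dll Infected: Trojan.Win32.Monder.agej 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-220218-545.dll Infected: Trojan-Downloader.Win32.BHO.afr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifdrrsjk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fpf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mst120.dll.vir Infected: Trojan-Downloader.Win32.DlKroha.n 1
C:\WINDOWS\system32\example_still_active.dll Infected: Trojan.Win32.Monder.agtu 1

The selected area was scanned.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("detections:", result["total"], "by location:", result["by_location"])
    for f in result["live"]:
        print("ACTION NEEDED:", f["path"], "->", f["threat"])
```

Run against the full report posted above, `triage()` reports 24 detections and an empty `live` list, which is exactly the "no need to worry" verdict; the constructed sample adds one live line to show what a hit that still needs cleaning looks like. Quarantined copies are only inert while they stay in those folders, so the ComboFix and OTCleanIt removal steps in the post are what finally deletes them.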

#13 ssj2gohan78

ssj2gohan78
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 10 January 2009 - 09:17 PM

Thx so much for your help EB, will come back in the future if I have problems again (hope I won't). Very professional. Thx again.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:12 AM

Posted 11 January 2009 - 10:47 AM

No Problem, glad I can help :thumbsup:

Since the problem appears to be resolved, this topic is now Closed
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
