Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdWare.WinSrc


  • This topic is locked This topic is locked
22 replies to this topic

#1 ToneLoc78

ToneLoc78

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 27 December 2008 - 01:20 PM

My computer originally had a much larger infection of antivirus2009. This caused popups asking to buy an antivirus program and caused links in internet explorer to route to malicious locations.
I have managed to remove most of the infection through AVG and superantispyware, but keep having one last item pop up as AdWare.WinSrc with 5 registry entries. I remove it but it comes back every time.

Any help is greatly appreciated.

----------------
Here is my DDS log.


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 12:52:12.71 on Sat 12/27/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.26 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ODMNK967\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-22 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-22 26824]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2007-2-27 55024]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-22 76040]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2008-12-27 12:42 <DIR> --d----- C:\Hijackthis
2008-12-27 01:42 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 01:16 <DIR> a-dshr-- C:\cmdcons
2008-12-27 01:14 161,792 a------- c:\windows\SWREG.exe
2008-12-27 01:14 98,816 a------- c:\windows\sed.exe
2008-12-27 01:14 389,120 a------- c:\windows\system32\CF17462.exe
2008-12-27 01:14 <DIR> --d----- C:\ComboFix
2008-12-22 20:48 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-22 20:44 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-22 20:44 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-22 20:44 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-22 20:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-22 20:43 <DIR> --d----- c:\program files\AVG
2008-12-22 20:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-19 21:18 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-19 21:18 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-19 21:18 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-19 21:18 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-19 21:18 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 21:18 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-19 21:18 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-19 21:18 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-19 21:18 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-19 18:32 56,726 a------- c:\windows\system32\nnemzsrfsd.dll-uninst.exe
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\scripting
2008-12-17 20:44 <DIR> --d----- c:\windows\l2schemas
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\en
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\bits
2008-12-17 20:41 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-17 20:38 <DIR> --d----- c:\windows\network diagnostic
2008-12-17 20:33 <DIR> --d----- c:\windows\EHome
2008-12-17 18:18 <DIR> --d----- c:\program files\Nick Arcade

==================== Find3M ====================

2008-12-17 20:47 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

============= FINISH: 12:54:34.09 ===============

Attached Files



BC AdBot (Login to Remove)

 


m

#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:10:02 PM

Posted 07 January 2009 - 01:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.
Please Hold on it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 11 January 2009 - 12:22 PM

Thank you for your response. I haven't taken any action since my first posting so the problem is still there. I don't actually notice any problems with my computer, but the scans keep picking it up and trying to delete it and it just comes back. I'd rather not use the computer for anything sensitive until I know it's clean.

I've posted the new DDS log as instructed and attached the zipped version of attach.txt as well.

-----------------------------------------


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 12:16:18.70 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.116 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-22 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-22 26824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-22 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-22 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-22 76040]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-01-02 10:48 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-27 12:42 <DIR> --d----- C:\Hijackthis
2008-12-27 01:42 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 01:16 <DIR> a-dshr-- C:\cmdcons
2008-12-27 01:14 161,792 a------- c:\windows\SWREG.exe
2008-12-27 01:14 98,816 a------- c:\windows\sed.exe
2008-12-27 01:14 389,120 a------- c:\windows\system32\CF17462.exe
2008-12-27 01:14 <DIR> --d----- C:\ComboFix
2008-12-22 20:48 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-22 20:44 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-22 20:44 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-22 20:44 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-22 20:44 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-22 20:43 <DIR> --d----- c:\program files\AVG
2008-12-22 20:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-19 21:18 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-19 21:18 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-19 21:18 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-19 21:18 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-19 21:18 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 21:18 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-19 21:18 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-19 21:18 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-19 21:18 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-19 18:32 56,726 a------- c:\windows\system32\nnemzsrfsd.dll-uninst.exe
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\scripting
2008-12-17 20:44 <DIR> --d----- c:\windows\l2schemas
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\en
2008-12-17 20:44 <DIR> --d----- c:\windows\system32\bits
2008-12-17 20:41 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-17 20:38 <DIR> --d----- c:\windows\network diagnostic
2008-12-17 20:33 <DIR> --d----- c:\windows\EHome
2008-12-17 18:18 <DIR> --d----- c:\program files\Nick Arcade

==================== Find3M ====================

2008-12-17 20:47 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 12:16:25.98 ===============

Attached Files



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 11 January 2009 - 10:38 PM

Hello, ToneLoc78
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 12 January 2009 - 12:02 PM

OK, here are the requested reports.
-------------------

1) OTViewIt.txt

OTViewIt logfile created on: 1/12/2009 11:36:25 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 158.30 Mb Available Physical Memory | 41.39% Memory free
1.46 Gb Paging File | 1.05 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 134.67 Gb Free Space | 93.29% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 2.71 Gb Free Space | 57.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUKEMILL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/12/22 20:43:57 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2005/03/17 23:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2005/04/15 13:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2008/12/27 01:42:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/03/04 10:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2006/09/01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/12/22 20:44:01 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/27 01:42:16 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/09/09 13:23:35 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/12/22 20:43:59 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2009/01/12 11:35:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/12/22 20:43:57 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/27 01:42:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/09/09 13:23:35 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/19 12:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2005/03/15 12:54:04 | 01,032,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/12/22 20:44:23 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/12/22 20:44:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/12/22 20:44:27 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/10/08 06:59:11 | 00,326,656 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL [On_Demand | Stopped])
[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2004/06/17 17:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/06/17 17:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2004/10/08 06:57:48 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2004/03/17 14:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/04/14 01:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/12/25 01:42:25 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/25 01:42:25 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2004/11/15 19:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2004/06/17 17:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (HKLM) -- C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" (HKLM) -- C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&eBay Search: C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&eBay Search: C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{6304FCC0-2FE6-4CE4-A6BB-582741223634} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{E24BA6D1-C001-4CC7-8FEA-68711235A4A5} (Servers: | Description: 1394 Net Adapter)
{EC0678D1-2FF1-4DF8-9552-1B8892D06C3A} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/12/22 20:44:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 13:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
File not found -- D:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780b614d-2177-11da-9f1e-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780b614d-2177-11da-9f1e-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780b614d-2177-11da-9f1e-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/12 11:35:58 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/02 10:48:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/27 12:42:57 | 00,000,000 | ---D | C] -- C:\Hijackthis
[2008/12/27 12:41:38 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.zip
[2008/12/27 10:44:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/27 01:22:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/12/27 01:16:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/27 01:16:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/27 01:16:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/27 01:14:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/27 01:14:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/27 01:14:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/27 01:14:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/27 01:14:17 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/27 01:14:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/27 01:14:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/27 01:14:17 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/27 01:14:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17462.exe
[2008/12/27 01:14:09 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/27 01:00:34 | 40,113,3568 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/26 02:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Process Explorer
[2008/12/22 20:48:19 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/12/22 20:44:27 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/22 20:44:27 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/22 20:44:23 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/22 20:44:21 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/22 20:44:12 | 31,879,591 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/22 20:44:12 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/22 20:44:12 | 00,043,917 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/22 20:44:11 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/22 20:44:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/12/22 20:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/12/22 20:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/12/19 21:19:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/19 21:18:50 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/19 21:18:50 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/19 21:18:49 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/19 21:18:49 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/19 21:18:49 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/19 21:18:48 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/19 21:18:47 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/19 21:18:47 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/19 21:18:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/19 21:18:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/19 21:16:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/19 21:16:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/19 21:15:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/19 18:32:28 | 00,056,726 | ---- | C] () -- C:\WINDOWS\System32\nnemzsrfsd.dll-uninst.exe
[2008/12/17 21:15:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/12/17 21:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/17 20:44:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/12/17 20:44:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/17 20:44:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/17 20:44:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/17 20:44:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/17 20:41:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/17 20:38:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/17 20:33:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/17 20:33:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/12/17 18:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
[2008/12/17 18:18:50 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nick Arcade Games.lnk
[2008/12/17 18:18:50 | 00,000,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpongeBob SquarePants 3-D.lnk
[2008/12/17 18:18:47 | 00,000,000 | ---D | C] -- C:\Program Files\Nick Arcade
[2008/12/14 19:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\elizabeth(private)

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/12 11:35:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/12 09:11:10 | 31,879,591 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/12 03:12:30 | 00,043,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/01/11 12:06:43 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/11 12:04:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/11 12:04:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/11 12:03:57 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/27 12:41:52 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.zip
[2008/12/27 01:20:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/27 01:16:32 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/27 01:14:04 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17462.exe
[2008/12/26 00:01:19 | 06,388,984 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/12/24 16:15:19 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/24 16:15:18 | 00,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/22 20:45:42 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/22 20:44:27 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/22 20:44:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/22 20:44:23 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/22 20:44:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/22 20:44:12 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/22 20:21:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 03:01:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/19 21:47:14 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/12/19 21:46:46 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GTE Federal Credit Union.url
[2008/12/19 21:46:11 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EBAY.url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Owner\Desktop\EBAY.url:favicon
[2008/12/19 21:43:59 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AOL MAIL.url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Owner\Desktop\AOL MAIL.url:favicon
[2008/12/19 21:41:22 | 00,066,360 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/19 21:33:32 | 00,056,726 | ---- | M] () -- C:\WINDOWS\System32\nnemzsrfsd.dll-uninst.exe
[2008/12/19 21:26:11 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\desktop.ini
[2008/12/17 21:14:47 | 00,383,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/17 21:14:47 | 00,053,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/17 21:14:46 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/17 21:12:56 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/17 21:11:25 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 20:38:07 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/17 18:18:50 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nick Arcade Games.lnk
[2008/12/17 18:18:50 | 00,000,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpongeBob SquarePants 3-D.lnk
[2008/12/17 17:48:05 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/12/15 19:59:21 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dads xmas list 2008.xls
< End of report >

--------------------------

2) Extra.txt

OTViewIt Extras logfile created on: 1/12/2009 11:36:25 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 158.30 Mb Available Physical Memory | 41.39% Memory free
1.46 Gb Paging File | 1.05 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 134.67 Gb Free Space | 93.29% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 2.71 Gb Free Space | 57.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUKEMILL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/12/22 20:43:59 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/22 20:44:11 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 02:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 15:29:55 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 00:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}"=Recovery Software Suite eMachines
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{160DC6F0-700B-FC31-F035-2FB209B0351A}"=Search Assistant Searchersmart
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}"=Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}"=Microsoft Digital Image Starter Edition 2006 Library
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}"=HP Deskjet 3840
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}"=QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"All ATI Software"=ATI - Software Uninstall Utility
"Ask Toolbar_is1"=Ask Toolbar
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"Gamevance"=Gamevance
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"MSN Toolbar"=MSN Toolbar
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11"=Microsoft Digital Image Starter Edition 2006
"PokerStars"=PokerStars
"RealPlayer 6.0"=RealPlayer
"SpongeBob SquarePants 3-D"=SpongeBob SquarePants 3-D
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2008 7:24:39 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 7:25:22 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 12/19/2008 7:25:22 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 12/19/2008 7:29:27 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application setup_241_3777_[1].exe, version 0.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 7:38:13 PM | Computer Name = BUKEMILL | Source = AVG7 | ID = 100
Description =

Error - 12/19/2008 7:52:30 PM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application ~tmpb.exe, version 0.0.0.0, faulting module msvcrt.dll,
version 7.0.2600.5512, fault address 0x00036e5a.

Error - 12/19/2008 10:27:16 PM | Computer Name = BUKEMILL | Source = AVG7 | ID = 100
Description =

Error - 12/22/2008 9:45:07 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application ~tmpd.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2008 2:11:56 AM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module askbar.dll, version 4.1.0.2, fault address 0x0001f497.

Error - 12/24/2008 2:12:43 AM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module askbar.dll, version 4.1.0.2, fault address 0x0001f497.

[ System Events ]
Error - 12/26/2008 3:56:44 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/26/2008 11:04:12 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/27/2008 1:51:26 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/27/2008 1:52:10 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/27/2008 1:52:16 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/27/2008 1:59:33 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/27/2008 2:02:37 AM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 12/27/2008 2:36:34 AM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/1/2009 3:37:00 PM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/11/2009 1:05:52 PM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.6, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >
-------------------------

3) GMER.log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-12 11:56:04
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32@ C:\WINDOWS\system32\winsrc.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\InProcServer32@ C:\WINDOWS\system32\nnemzsrfsd.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{FA550177-1084-DCEB-AF8B-CFA5C19B8FA6}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FA550177-1084-DCEB-AF8B-CFA5C19B8FA6}\InProcServer32@ C:\WINDOWS\system32\nnemzsrfsd.dll

---- EOF - GMER 1.0.14 ----

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 12 January 2009 - 05:58 PM

Hello, ToneLoc78
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Page_Transitions"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"=-
    [HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
    [HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780b614d-2177-11da-9f1e-806d6172696f}]
    :files
    C:\RECYCLER
    C:\WINDOWS\temp
    C:\Program Files\AskBarDis
    D:\autorun.inf
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New OTVIewIt Main.txt
  • A New OTViewIt Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 13 January 2009 - 12:42 AM

OK, OTMoveIt3 run. Here are the requested logs.

1) OTMoveIt3 log

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Page_Transitions deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{780b614d-2177-11da-9f1e-806d6172696f}\\ deleted successfully.
========== FILES ==========
C:\RECYCLER\S-1-5-21-1152909626-3172493983-9268042-1003 moved successfully.
C:\RECYCLER moved successfully.
Folder move failed. C:\WINDOWS\temp scheduled to be moved on reboot.
C:\Program Files\AskBarDis\PopSwatter\History moved successfully.
C:\Program Files\AskBarDis\PopSwatter moved successfully.
C:\Program Files\AskBarDis\bar\Settings moved successfully.
C:\Program Files\AskBarDis\bar\History moved successfully.
C:\Program Files\AskBarDis\bar\Cache moved successfully.
C:\Program Files\AskBarDis\bar\bin moved successfully.
C:\Program Files\AskBarDis\bar moved successfully.
C:\Program Files\AskBarDis moved successfully.
File/Folder D:\autorun.inf not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_002413

Files moved on Reboot...
Folder move failed. C:\WINDOWS\temp scheduled to be moved on reboot.

---------

2) New OTVIewIt Main.txt

OTViewIt logfile created on: 1/13/2009 12:35:25 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 128.11 Mb Available Physical Memory | 33.50% Memory free
1.46 Gb Paging File | 1.09 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 134.63 Gb Free Space | 93.27% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 2.71 Gb Free Space | 57.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUKEMILL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/12/22 20:43:57 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/27 01:42:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/09/09 13:23:35 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/12/22 20:43:59 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2005/03/17 23:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2005/04/15 13:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2004/03/04 10:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[2006/09/01 15:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/22 20:44:01 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/27 01:42:16 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/01/12 11:35:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/03/15 12:49:06 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/12/22 20:43:57 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/27 01:42:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/09/09 13:23:35 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/19 12:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2005/03/15 12:54:04 | 01,032,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/12/22 20:44:23 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/12/22 20:44:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/12/22 20:44:27 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/10/08 06:59:11 | 00,326,656 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL [On_Demand | Stopped])
[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2009/01/12 11:39:44 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2004/06/17 17:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/06/17 17:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2004/10/08 06:57:48 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2004/03/17 14:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/04/14 01:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/12/25 01:42:25 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/25 01:42:25 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2004/11/15 19:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])
[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2004/06/17 17:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (HKLM) -- C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&eBay Search: C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&eBay Search: C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2008/06/19 23:14:58 | 00,587,032 | ---- | M] (PokerStars)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:33:52 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 10:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1152909626-3172493983-9268042-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{6304FCC0-2FE6-4CE4-A6BB-582741223634} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{E24BA6D1-C001-4CC7-8FEA-68711235A4A5} (Servers: | Description: 1394 Net Adapter)
{EC0678D1-2FF1-4DF8-9552-1B8892D06C3A} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/12/22 20:44:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 13:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
File not found -- D:\autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/13 00:24:13 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/13 00:21:57 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2009/01/12 11:39:46 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/12 11:39:44 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/12 11:39:44 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/12 11:39:44 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/12 11:39:43 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/12 11:35:58 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/02 10:48:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/12/27 12:42:57 | 00,000,000 | ---D | C] -- C:\Hijackthis
[2008/12/27 12:41:38 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.zip
[2008/12/27 01:22:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/12/27 01:16:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/27 01:16:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/27 01:16:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/27 01:14:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/27 01:14:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/27 01:14:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/27 01:14:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/27 01:14:17 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/27 01:14:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/27 01:14:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/27 01:14:17 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/27 01:14:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17462.exe
[2008/12/27 01:14:09 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/27 01:00:34 | 40,113,3568 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/26 02:21:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Process Explorer
[2008/12/22 20:48:19 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/12/22 20:44:27 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/22 20:44:27 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/22 20:44:23 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/22 20:44:21 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/22 20:44:12 | 31,898,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/22 20:44:12 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/22 20:44:12 | 00,043,917 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/22 20:44:11 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/22 20:44:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/12/22 20:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/12/22 20:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/12/19 21:19:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/19 21:18:50 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/19 21:18:50 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/19 21:18:49 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/19 21:18:49 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/19 21:18:49 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/19 21:18:48 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/19 21:18:47 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/19 21:18:47 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/19 21:18:46 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/19 21:18:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/19 21:16:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/19 21:16:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/19 21:15:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/19 18:32:28 | 00,056,726 | ---- | C] () -- C:\WINDOWS\System32\nnemzsrfsd.dll-uninst.exe
[2008/12/17 21:15:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/12/17 21:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/17 20:44:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/12/17 20:44:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/17 20:44:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/17 20:44:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/17 20:44:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/17 20:41:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/17 20:38:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/17 20:33:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/17 20:33:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/12/17 18:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
[2008/12/17 18:18:50 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Nick Arcade Games.lnk
[2008/12/17 18:18:50 | 00,000,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpongeBob SquarePants 3-D.lnk
[2008/12/17 18:18:47 | 00,000,000 | ---D | C] -- C:\Program Files\Nick Arcade
[2008/12/14 19:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\elizabeth(private)

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/13 00:30:45 | 31,898,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/01/13 00:29:08 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 00:28:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/13 00:27:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 00:27:25 | 40,113,3568 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/13 00:25:53 | 06,919,536 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/01/13 00:21:58 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2009/01/12 11:39:46 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/12 11:39:44 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/12 11:39:44 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/12 11:39:44 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/12 11:38:11 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/01/12 11:38:11 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2009/01/12 11:35:59 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2009/01/12 03:12:30 | 00,043,917 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/27 12:41:52 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.zip
[2008/12/27 01:20:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/27 01:16:32 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/27 01:14:04 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17462.exe
[2008/12/24 16:15:19 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/24 16:15:18 | 00,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/22 20:45:42 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/22 20:44:27 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/22 20:44:27 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/22 20:44:23 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/22 20:44:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/22 20:44:12 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/22 20:21:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/20 03:01:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/19 21:47:14 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/12/19 21:46:46 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GTE Federal Credit Union.url
[2008/12/19 21:46:11 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EBAY.url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Owner\Desktop\EBAY.url:favicon
[2008/12/19 21:43:59 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AOL MAIL.url
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Owner\Desktop\AOL MAIL.url:favicon
[2008/12/19 21:41:22 | 00,066,360 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/19 21:33:32 | 00,056,726 | ---- | M] () -- C:\WINDOWS\System32\nnemzsrfsd.dll-uninst.exe
[2008/12/19 21:26:11 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\desktop.ini
[2008/12/17 21:14:47 | 00,383,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/17 21:14:47 | 00,053,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/17 21:14:46 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/17 21:12:56 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/17 21:11:25 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 20:38:07 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/17 18:18:50 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Nick Arcade Games.lnk
[2008/12/17 18:18:50 | 00,000,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpongeBob SquarePants 3-D.lnk
[2008/12/17 17:48:05 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/12/15 19:59:21 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dads xmas list 2008.xls
< End of report >

---------------

3) New OTViewIt Extra.txt

OTViewIt Extras logfile created on: 1/13/2009 12:35:25 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.48 Mb Total Physical Memory | 128.11 Mb Available Physical Memory | 33.50% Memory free
1.46 Gb Paging File | 1.09 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.34 Gb Total Space | 134.63 Gb Free Space | 93.27% Space Free | Partition Type: NTFS
Drive D: | 4.69 Gb Total Space | 2.71 Gb Free Space | 57.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUKEMILL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/12/22 20:43:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/12/22 20:43:59 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/22 20:44:11 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 02:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 15:29:55 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 00:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}"=Recovery Software Suite eMachines
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{160DC6F0-700B-FC31-F035-2FB209B0351A}"=Search Assistant Searchersmart
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}"=Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}"=Microsoft Digital Image Starter Edition 2006 Library
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}"=HP Deskjet 3840
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}"=QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"All ATI Software"=ATI - Software Uninstall Utility
"Ask Toolbar_is1"=Ask Toolbar
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"Gamevance"=Gamevance
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"MSN Toolbar"=MSN Toolbar
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11"=Microsoft Digital Image Starter Edition 2006
"PokerStars"=PokerStars
"RealPlayer 6.0"=RealPlayer
"SpongeBob SquarePants 3-D"=SpongeBob SquarePants 3-D
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2008 7:24:39 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 7:25:22 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 12/19/2008 7:25:22 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1001
Description = Fault bucket 724398357.

Error - 12/19/2008 7:29:27 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application setup_241_3777_[1].exe, version 0.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 7:38:13 PM | Computer Name = BUKEMILL | Source = AVG7 | ID = 100
Description =

Error - 12/19/2008 7:52:30 PM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application ~tmpb.exe, version 0.0.0.0, faulting module msvcrt.dll,
version 7.0.2600.5512, fault address 0x00036e5a.

Error - 12/19/2008 10:27:16 PM | Computer Name = BUKEMILL | Source = AVG7 | ID = 100
Description =

Error - 12/22/2008 9:45:07 PM | Computer Name = BUKEMILL | Source = Application Hang | ID = 1002
Description = Hanging application ~tmpd.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2008 2:11:56 AM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module askbar.dll, version 4.1.0.2, fault address 0x0001f497.

Error - 12/24/2008 2:12:43 AM | Computer Name = BUKEMILL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module askbar.dll, version 4.1.0.2, fault address 0x0001f497.

[ System Events ]
Error - 12/26/2008 11:04:12 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/27/2008 1:51:26 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/27/2008 1:52:10 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/27/2008 1:52:16 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/27/2008 1:59:33 AM | Computer Name = BUKEMILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/27/2008 2:02:37 AM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 12/27/2008 2:36:34 AM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/1/2009 3:37:00 PM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/11/2009 1:05:52 PM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.6, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 1/13/2009 1:28:44 AM | Computer Name = BUKEMILL | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.6, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 13 January 2009 - 08:52 PM

Hello, ToneLoc78
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 14 January 2009 - 10:30 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3763 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b73a88d2c9a87640a4ef8e59b18cf7db
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 06:51:32
# local_time=2009-01-14 01:51:32 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=396928
# found=0
# scan_time=2810

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 14 January 2009 - 10:43 PM

Hello, ToneLoc78
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 16 January 2009 - 12:58 AM

When I run a scan using the program Superantispyware, I still get registry hits for Adware.WinSrc.
Is this scanner reliable? I have attached a print screen with the scan results.

Attached Files



#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 16 January 2009 - 12:43 PM

Hello, ToneLoc78
It's generally reliable, but I think it's making a mistake here. We'll give it another check:


We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/189675/adwarewinsrc/
  • Where it says "Browse to the file you want to submit", browse to
    c:\Windows\System32\WinSrc.dll
  • Press the Posted Image button.
BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 17 January 2009 - 12:48 AM

OK, it looks like it sent.

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:02 PM

Posted 17 January 2009 - 02:11 AM

Hello, ToneLoc78
Doesn't appear to have worked :thumbsup:

Posted Image

Looks like it's being stubborn. I've got another way to upload it which I wanted to avoid because it's like killing a mouse with an elephant gun, but here we go :)

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it's author: Posted Image

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 ToneLoc78

ToneLoc78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:02 PM

Posted 17 January 2009 - 10:25 AM

As a note, when I went to upload the WinSrc.dll file, I could not browse to it. In fact, I couldn't find it on my computer. I cut/pasted the path hoping that maybe it was hidden and would upload anyway if it was there.
The only version of WinSrc I could find in a search is in a virus vault from 12/24/08.
--------------------

ComboFix 09-01-16.03 - Owner 2009-01-17 9:55:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.137 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-17 09:54 . 2009-01-17 09:54 <DIR> d-------- C:\32788R22FWJFW
2009-01-14 01:03 . 2009-01-14 01:51 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-13 00:24 . 2009-01-13 00:24 <DIR> d-------- C:\_OTMoveIt
2009-01-12 11:39 . 2009-01-12 11:39 250 --a------ c:\windows\gmer.ini
2009-01-02 10:48 . 2009-01-02 10:48 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-27 12:42 . 2008-12-27 12:43 <DIR> d-------- C:\Hijackthis
2008-12-27 01:42 . 2008-12-27 01:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-22 20:48 . 2008-12-25 18:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-22 20:44 . 2009-01-17 02:56 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-22 20:44 . 2008-12-22 20:44 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-22 20:44 . 2008-12-22 20:44 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-22 20:44 . 2008-12-22 20:44 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-22 20:43 . 2008-12-22 20:43 <DIR> d-------- c:\program files\AVG
2008-12-22 20:43 . 2008-12-22 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-21 12:18 . 2008-12-21 12:18 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
2008-12-19 21:18 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-19 21:18 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-19 21:18 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-19 21:18 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-19 21:18 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-19 21:18 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-19 21:18 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-19 21:18 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-19 21:18 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 18:32 . 2008-12-19 21:33 56,726 --a------ c:\windows\system32\nnemzsrfsd.dll-uninst.exe
2008-12-17 21:15 . 2008-12-17 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-17 20:44 . 2008-12-17 20:44 <DIR> d-------- c:\windows\system32\scripting
2008-12-17 20:44 . 2008-12-17 20:44 <DIR> d-------- c:\windows\system32\en
2008-12-17 20:44 . 2008-12-17 20:44 <DIR> d-------- c:\windows\system32\bits
2008-12-17 20:44 . 2008-12-17 20:44 <DIR> d-------- c:\windows\l2schemas
2008-12-17 20:41 . 2008-12-17 20:44 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-17 20:33 . 2008-12-17 20:33 <DIR> d-------- c:\windows\EHome
2008-12-17 18:19 . 2008-12-17 18:44 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 18:18 . 2008-12-17 18:18 <DIR> d-------- c:\program files\Nick Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 04:23 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-27 06:42 --------- d-----w c:\program files\Java
2008-12-27 06:20 --------- d-----w c:\program files\Gamevance
2008-12-26 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-26 03:57 --------- d-----w c:\program files\Lavasoft
2008-12-26 03:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-17 23:18 --------- d-----w c:\program files\Yahoo!
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-27_ 1.21.53.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-12 16:39:44 884,736 ----a-w c:\windows\gmer.dll
+ 2009-01-12 16:38:11 811,008 ----a-w c:\windows\gmer.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NirCmd.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NirCmd.exe
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
+ 2009-01-12 16:39:44 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-12-18 02:11:25 250,288 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 03:24:34 250,288 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-09-25 03:30:28 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-27 06:42:16 144,792 ----a-w c:\windows\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-27 06:42:16 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-27 06:42:16 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2007-07-27 19:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 19:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 00:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 17:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2008-02-11 14:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 14:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 18:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 13:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2009-01-16 04:26:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-25 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-25 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 13:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 22:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 17:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-22 12:37 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 09:59 224248 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-22 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-22 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-22 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-22 76040]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 09:57:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\winsrc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\Implemented Categories]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\InProcServer32]
@DACL=(02 0000)
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\nnemzsrfsd.dll"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{31343560-3468-C143-11E4-3F25159B4CF3}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FA550177-1084-DCEB-AF8B-CFA5C19B8FA6}\InProcServer32]
@DACL=(02 0000)
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\nnemzsrfsd.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-17 9:59:13
ComboFix-quarantined-files.txt 2009-01-17 14:58:59
ComboFix2.txt 2008-12-27 06:22:41
ComboFix3.txt 2007-12-12 00:42:35

Pre-Run: 144,353,959,936 bytes free
Post-Run: 144,437,215,232 bytes free

197 --- E O F --- 2009-01-14 08:03:49




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users