HijackThis Log File


This topic is locked. 20 replies to this topic.

#1 Rexal (Members, 13 posts)

Posted 01 January 2009 - 10:11 PM

Please look over the HijackThis Log file. I've been having a lot of difficulties with my laptop recently and pretty sure it's infected with something.
I'll be very interested in hearing any opinions. Thanks for the help..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:35 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158886316656
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10060 bytes
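The log above is line-oriented, so the first triage pass can be done mechanically. As an added example (not part of the original post and not code from HijackThis itself), the Python below parses HijackThis entry lines into records, extracts the CLSID and the module path where present, and flags the two patterns an analyst would look at first in this particular log: an O4 Run value that is a bare filename rather than a full path (the `[SetDefaultMIDI] MIDIDef.exe` entry, which Windows resolves through its executable search order) and a Global Startup shortcut whose target HijackThis could not resolve (the `.lnk = ?` lines). The sample lines are copied from the posted log; the `Entry` record, the flag names and the path regex are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Every HJT finding starts with a section code ("R1", "O4", "O23") followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter or %ENVVAR% rooted path ending in a loadable-module extension (assumed set).
PATH_RE = re.compile(
    r"(?:[A-Za-z]:|%[^%\\]+%)\\.+?\.(?:exe|dll|sys|ocx|cpl|scr)\b", re.IGNORECASE
)


@dataclass(frozen=True)
class Entry:
    kind: str             # HijackThis section code, e.g. "O4", "O23"
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # COM class id for BHO/toolbar/button entries
    path: Optional[str]   # on-disk module the entry points at, if one was found
    flag: Optional[str]   # why the entry deserves a closer look, if anything


def _flag(kind: str, body: str, path: Optional[str]) -> Optional[str]:
    """Heuristics used by this example; they mark entries for review, not as malicious."""
    if kind == "O4" and body.endswith("= ?"):
        # Startup-folder shortcut whose target HJT could not resolve.
        return "unresolved-lnk"
    if kind == "O4" and "Run:" in body and path is None:
        # Run value with no full path: the loader resolves it via the search order.
        return "bare-filename"
    return None


def parse_hjt(text: str) -> List[Entry]:
    """Turn HJT entry lines into Entry records; headers and the process list are skipped."""
    entries: List[Entry] = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        clsid_m = CLSID_RE.search(body)
        path_m = PATH_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else None
        path = path_m.group(0) if path_m else None
        entries.append(Entry(kind, body, clsid, path, _flag(kind, body, path)))
    return entries


def count_by_kind(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def flagged(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(flag, original body) for every entry the heuristics marked, in log order."""
    return [(e.flag, e.body) for e in entries if e.flag]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    print(count_by_kind(ents))
    for flag, body in flagged(ents):
        print(f"{flag:15} {body}")
```

Running this over the full posted log rather than the sample reproduces the same two flags: only `[SetDefaultMIDI] MIDIDef.exe` lacks a path, and only the two `.lnk = ?` shortcuts are unresolved. The CLSID and path fields are what you would then look up (vendor, signer, file on disk) before deciding whether an entry is legitimate.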

#2 Rexal (Topic Starter, Members, 13 posts)

Posted 02 January 2009 - 08:50 AM

I believe my problems started when I downloaded a questionable Realplayer codec. :thumbsup:

#3 extremeboy (Malware Response Team, 12,975 posts)

Posted 09 January 2009 - 04:45 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can use the button at the top bar of this topic to Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • Description of Problems you still have

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.

#4 Rexal (Topic Starter, Members, 13 posts)

Posted 09 January 2009 - 11:25 PM

Thanks EB for the help. I really do appreciate it.

What alerted me that something was wrong was that I couldn't update my security software (Trend Micro). I still can't.
Now, I've also noticed that I get redirected by the Google search links. For example, I go to Google.com and type in Microsoft in the search field. I click on one of the links and I get redirected to a totally different site. What I've noticed is if I hit the back button to the Google page before the redirected page loads (the redirection takes a little time for the page to load) the links will work correctly. I can also type the URL directly in the address bar and everything loads correctly.

What I think happened is that I downloaded an infected codec. I remember thinking, "Man, that was a weird download." I believe Trend Micro warned me about the download. I clicked through everything so fast I can't remember.

I couldn’t run the Kaspersky scanner. I get the following error message.

"Microsoft JScript compilation error - syntax error"

It looked like the program downloaded correctly, but it threw the error message when downloading the updated database.


OTViewIt logfile created on: 1/9/2009 9:50:37 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.77% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 38.22 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2008/07/13 17:03:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/02/23 15:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
[2003/10/13 16:24:14 | 01,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[2009/01/01 17:21:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/09/22 19:12:58 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/11/21 09:00:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2003/10/13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/23 06:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/09/15 21:37:44 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Disabled | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2008/12/22 18:55:50 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE -- (PSEXESVC [Disabled | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/11/29 20:56:35 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/23 07:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2005/01/10 18:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 17:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 18:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 17:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/02/18 19:29:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/02/18 19:29:20 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/02/18 19:29:20 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 19:29:20 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/18 19:29:22 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/26 16:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.com
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (693 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray (Andrea Electronics Corporation)

========== (O4) Startup Folders ==========

[2008/09/18 07:18:26 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1158886316656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6C0B6B47-90D5-4920-90C4-5487296F4561} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{E181A722-B237-466E-BAE3-F7D2139BE23C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F87CDB8C-D815-422C-AF23-5CCB72FFCEF0} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 04:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/09 21:49:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/08 19:39:40 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\Help
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Help
[2009/01/05 00:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/01/04 23:57:49 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/04 23:57:49 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/01/04 23:57:49 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/04 23:57:29 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/01/04 23:56:06 | 71,082,360 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 22:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Trend Micro Internet Security
[2009/01/04 21:34:11 | 02,772,344 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:13:30 | 00,719,691 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:05 | 00,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/01 16:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/01/01 16:58:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/01/01 16:58:05 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/01/01 16:58:05 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/01 16:58:05 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/01/01 14:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HouseCall 6.6
[2009/01/01 12:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\HouseCall 6.6
[2008/12/31 13:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\System Cleaner
[2008/12/31 13:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\System Cleaner
[2008/12/31 13:03:57 | 47,189,804 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:38 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2008/12/30 21:35:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/30 21:09:48 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/30 20:47:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:43:53 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/12/30 20:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Drivers
[2008/12/30 20:37:48 | 64,577,299 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:23:41 | 01,380,902 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/30 20:13:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/22 18:55:50 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/22 18:55:49 | 00,135,168 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\services.exe
[2008/12/22 18:55:49 | 00,000,176 | ---- | C] () -- C:\WINDOWS\eower.vbs
[2008/12/22 18:55:49 | 00,000,045 | ---- | C] () -- C:\WINDOWS\sys.bat
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec
[2008/12/12 17:44:52 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/09 21:45:08 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/09 21:45:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/09 21:43:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/09 21:43:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/09 21:43:24 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/09 21:25:54 | 08,051,464 | -H-- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\IconCache.db
[2009/01/08 19:05:38 | 00,000,693 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/04 23:57:29 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:56:36 | 71,082,360 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 21:34:38 | 02,772,344 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:11:17 | 00,719,691 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:08 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/01/01 16:58:08 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/01 16:58:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/31 13:04:09 | 47,189,804 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:43 | 00,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2008/12/30 21:09:48 | 00,000,347 | ---- | M] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:47:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:37:50 | 64,577,299 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:24:12 | 01,380,902 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:13:50 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 23:31:18 | 00,000,507 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 23:02:07 | 00,290,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/23 20:30:45 | 00,400,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 20:30:45 | 00,062,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 19:54:49 | 00,467,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/22 18:55:50 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/20 22:03:00 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 21:36:34 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/12/16 21:36:13 | 00,001,460 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\DivX Movies.lnk
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
< End of report >


OTViewIt Extras logfile created on: 1/9/2009 9:50:37 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.77% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 38.22 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/10/26 18:23:00 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Trend Micro\Internet Security 12\pccmain.exe:*:Enabled:Trend Micro PC-cillin Internet Security 12

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 14:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}"=Adobe Creative Suite 2
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro Internet Security
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}"=URGE
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}"=Andrea VoiceCenter
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}"=Trend Micro Internet Security
"{A683A2C0-821C-486F-858C-FA634DB5E864}"=EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio module
"{AC76BA86-1033-0000-7760-000000000002}"=Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}"=Suite Specific
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}"=AIM Pro
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}"=Adobe Creative Suite
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}"=Consumer Complete Care Services Agreement
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"ATI Display Driver"=ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"BluesCluesPreschoolDKey"=Blue's Preschool
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Game Console"=Dell Game Console
"DVD Shrink_is1"=DVD Shrink 3.2
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HijackThis"=HijackThis 2.0.2
"hp deskjet 5100 series_Driver"=hp deskjet 5100 series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MIXERLITE"=Mixer
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"ProInst"=Intel® PROSet/Wireless Software
"RealPlayer 6.0"=RealPlayer
"rrpw32.exe"=Reader Rabbit's Preschool
"SAMB_ADVMB_FILTER_DRV"=Sound Blaster ADVANCED MB Drivers
"SearchAssist"=SearchAssist
"Strawberry Shortcake - Amazing Cookie Party"=Strawberry Shortcake - Amazing Cookie Party
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Trend Micro HouseCall 6.6"=HouseCall 6.6
"Trillian"=Trillian
"Tux Paint_is1"=Tux Paint 0.9.20b
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2009 2:26:00 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2009 8:40:10 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2009 8:40:10 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2009 8:40:15 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/9/2009 10:08:47 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/9/2009 10:08:47 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/9/2009 10:08:48 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/9/2009 10:43:38 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/9/2009 10:43:38 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/9/2009 10:43:39 PM | Computer Name = SGH-L | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 1/8/2009 8:07:40 PM | Computer Name = SGH-L | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/8/2009 8:39:57 PM | Computer Name = SGH-L | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/8/2009 8:41:08 PM | Computer Name = SGH-L | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/8/2009 8:54:27 PM | Computer Name = SGH-L | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
AHLAVIN1 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6C0B6B47-90D5-4920-. The master browser is stopping or an election
is being forced.

Error - 1/8/2009 8:59:41 PM | Computer Name = SGH-L | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{6C0B6B47-90D5-4920-90C4-5487296F4561}. The
backup browser is stopping.

Error - 1/8/2009 9:59:43 PM | Computer Name = SGH-L | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
AHLAVIN1 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6C0B6B47-90D5-4920-. The master browser is stopping or an election
is being forced.

Error - 1/8/2009 11:11:41 PM | Computer Name = SGH-L | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
AHLAVIN1 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6C0B6B47-90D5-4920-. The master browser is stopping or an election
is being forced.

Error - 1/9/2009 10:08:57 PM | Computer Name = SGH-L | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 1/9/2009 10:20:01 PM | Computer Name = SGH-L | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
AHLAVIN1 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{6C0B6B47-90D5-4920-. The master browser is stopping or an election
is being forced.

Error - 1/9/2009 10:45:11 PM | Computer Name = SGH-L | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >
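
A triage helper for listings like the OTViewIt "Files Created" section above, added here as an example; it is not part of OTViewIt or of any reply in this thread. It parses the report's line format and flags what a responder would pull out for a closer look: a core system binary name outside System32 (the real services.exe lives in C:\WINDOWS\System32), a non-Microsoft publisher on such a name, scripts or executables dropped straight into the Windows directory, and bursts of files created within seconds of each other. The %SystemRoot% = C:\WINDOWS value matches the report; the list of core binaries, the 10-second window and the sample lines (copied from the report, plus a section header) are my own choices, and every hit is a candidate for review, not a verdict.

```python
"""Triage helper for OTViewIt-style "Files Created / Modified" lines.

Added example for this thread; it is not part of OTViewIt or of any reply.
Heuristics only: every hit is a candidate for a closer look, not a verdict.
"""
import re
from datetime import datetime, timedelta

# One OTViewIt file line, e.g.
# [2008/12/22 18:55:49 | 00,135,168 | ---- | C] (Sysinternals) -- C:\WINDOWS\services.exe
# The "(company)" field is absent on directory lines and empty "()" on unsigned files.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Binaries that on Windows XP live in %SystemRoot%\System32 and nowhere else (my list).
CORE_SYSTEM_BINARIES = {"services.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                        "smss.exe", "svchost.exe", "spoolsv.exe"}
SCRIPT_OR_BINARY_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".scr")
SYSTEM_ROOT = "c:\\windows"          # assumption: %SystemRoot% = C:\WINDOWS, as in the report
WATCHED_ROOTS = (SYSTEM_ROOT, "c:\\program files")


def parse_line(line):
    """Return a dict for one file line, or None for headers, blank lines and summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],                      # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def review_entry(entry):
    """Reasons a responder would pull this entry out for review (may be empty)."""
    reasons = []
    parent, _, name = entry["path"].lower().rpartition("\\")
    if name in CORE_SYSTEM_BINARIES and parent != SYSTEM_ROOT + "\\system32":
        reasons.append("core system binary name outside System32")
        if entry["company"] != "Microsoft Corporation":
            reasons.append("publisher is %r, not Microsoft Corporation" % entry["company"])
    if (not entry["is_dir"] and parent == SYSTEM_ROOT
            and name.endswith(SCRIPT_OR_BINARY_EXT)):
        # Legitimate installers do this too (the Creative DLL in the sample), so this
        # is a weak signal on its own.
        reasons.append("executable or script written directly into %SystemRoot%")
    return reasons


def creation_bursts(entries, window=timedelta(seconds=10), min_count=3):
    """Groups of 'created' events under the watched roots that land within `window`
    of the first event in the group.  Installers produce bursts too: a burst tells
    you which flagged files arrived together, not whether they are malicious."""
    created = sorted((e for e in entries
                      if e["kind"] == "C" and e["path"].lower().startswith(WATCHED_ROOTS)),
                     key=lambda e: e["ts"])
    bursts, current = [], []
    for e in created:
        if current and e["ts"] - current[0]["ts"] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


def triage(report_text):
    """Parse a report; return entry count, flagged paths with reasons, creation bursts."""
    entries = [e for e in map(parse_line, report_text.splitlines()) if e]
    flagged = {}
    for e in entries:
        reasons = review_entry(e)
        if reasons:
            flagged[e["path"]] = reasons
    bursts = [[e["path"] for e in burst] for burst in creation_bursts(entries)]
    return {"entries": len(entries), "flagged": flagged, "bursts": bursts}


# Constructed sample: a section header plus file lines copied from the report above.
SAMPLE = r"""
========== Files - Created Within 30 Days ==========
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/22 18:55:50 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/22 18:55:49 | 00,135,168 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\services.exe
[2008/12/22 18:55:49 | 00,000,176 | ---- | C] () -- C:\WINDOWS\eower.vbs
[2008/12/22 18:55:49 | 00,000,045 | ---- | C] () -- C:\WINDOWS\sys.bat
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec
[2008/12/12 17:44:52 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, reasons in result["flagged"].items():
        print(path, "->", "; ".join(reasons))
    for burst in result["bursts"]:
        print("burst of %d creations starting with %s" % (len(burst), burst[0]))
```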

#5 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:17 AM

Posted 10 January 2009 - 12:16 PM

Hello.

Thanks for the detailed explanation.

What I think happened is that I downloaded an infected codec. I remember thinking, "Man, that was a weird download." I believe Trend Micro warned me about the download. I clicked through everything so fast I can't remember.

Be careful about that.. :thumbsup: That is why even having numerous security programs can't help you if you decide not to listen to them.. Not good if you downloaded an infected codec, but I can't really blame you on that except that your AV warned you about it.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Run a different online scan:

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

One question for you: Is it Internet Explorer that causes the Google redirects, or Firefox, or both? Also, to what specific sites do you get redirected? That may help me.

Post back with:
-Malwarebytes Anti-Malware log
-ESET scan log
-Answers to my question
-New OTViewIt logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
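The steps above produce two text logs (the Malwarebytes Anti-Malware log and the ESET log.txt) that the helper then has to read by hand. As an added example that is not part of this thread and not a BleepingComputer, Malwarebytes or ESET tool, the script below parses both formats and answers the questions a helper asks first: did the ESET scan finish and was removal ticked, how many items did it find, and which MBAM detections were only listed ("No action taken") rather than quarantined. The two sample logs embedded in it are constructed in the shape of the MBAM 1.x and ESET Online Scanner log formats; the paths in them and the function names are mine, not taken from any real machine.

```python
"""Triage helper for Malwarebytes Anti-Malware and ESET Online Scanner logs.

Added example for this thread, not part of any BleepingComputer, Malwarebytes
or ESET tooling. Both sample logs below are constructed to match the formats
the tools write, not copied from a real scan.
"""
import re

# Constructed sample in the ESET log.txt format: a header of "# key=value" lines.
ESET_SAMPLE = r"""
# version=4
# OnlineScanner.ocx=1.0.0.635
# end=finished
# remove_checked=true
# unwanted_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=299459
# found=0
# scan_time=2512
"""

# Constructed sample in the MBAM 1.x log format. The text after "->" records what
# MBAM actually did with each item; "No action taken" means it is still there.
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.32
Database version: 1642

Scan type: Full Scan (C:\|)
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\User\Start Menu\Programs\example (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> No action taken.
"""

# One MBAM detection line: "<path> (<detection name>) -> <status>."
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?$")


def parse_eset(text):
    """Return the '# key=value' header of an ESET Online Scanner log as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"#\s*([^=]+?)\s*=\s*(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_mbam(text):
    """Return MBAM detections as (section, path, name, status) tuples.

    Section headers end in 'Infected:' with no count; the summary lines near the
    top ('Files Infected: 2') end in a number and are ignored.
    """
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if m and section:
            detections.append((section, m["path"], m["name"], m["status"]))
    return detections


def triage(eset_text, mbam_text):
    """Summarise both logs the way a helper reads them before replying."""
    eset = parse_eset(eset_text)
    mbam = parse_mbam(mbam_text)
    not_removed = [d[1] for d in mbam if d[3] == "No action taken"]
    return {
        "eset_finished": eset.get("end") == "finished",
        "eset_removal_enabled": eset.get("remove_checked") == "true",
        "eset_found": int(eset.get("found", "0")),
        "mbam_detections": len(mbam),
        "mbam_not_removed": not_removed,
    }


if __name__ == "__main__":
    for key, value in triage(ESET_SAMPLE, MBAM_SAMPLE).items():
        print(f"{key}: {value}")
```

The check that matters most is `mbam_not_removed`: an MBAM log can list detections and still leave every one of them on disk if the user closed the program without clicking Remove Selected, and a scan log full of "No action taken" lines is not a cleaned machine.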

#6 Rexal (Topic Starter, Members, 13 posts)

Posted 11 January 2009 - 11:22 AM

ExtremeBoy,

Fool me once, shame on you; fool me twice, shame on me.
That won't happen again.


Both Firefox & Internet Explorer caused the google redirect.



Malwarebytes' Anti-Malware 1.32
Database version: 1642
Windows 5.1.2600 Service Pack 3

1/11/2009 9:11:47 AM
mbam-log-2009-01-11 (09-11-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143302
Time elapsed: 1 hour(s), 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Al\Start Menu\Programs\videosoft (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.
C:\WINDOWS\system32\msqpdxkyavqbdw.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\msqpdxmpfubqjl.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> No action taken.



ESET Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3756 (20090110)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=220da242c8991641a5e352be065cd012
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-11 03:15:34
# local_time=2009-01-11 10:15:34 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=299459
# found=0
# scan_time=2512



OTViewIt logfile created on: 1/11/2009 10:53:56 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.18% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 39.97 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/07/13 17:03:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/02/23 15:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
[2003/10/13 16:24:14 | 01,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[2009/01/01 17:21:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/12/02 15:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/11/21 09:00:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2003/10/13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/23 06:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/09/15 21:37:44 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Disabled | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2008/12/22 18:55:50 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE -- (PSEXESVC [Disabled | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Stopped])
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/11/29 20:56:35 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/23 07:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2005/01/10 18:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 17:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 18:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 17:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/02/18 19:29:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
[2008/02/18 19:29:20 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/02/18 19:29:20 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 19:29:20 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/18 19:29:22 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/26 16:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.com
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (693 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray (Andrea Electronics Corporation)

========== (O4) Startup Folders ==========

[2008/09/18 07:18:26 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1158886316656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6C0B6B47-90D5-4920-90C4-5487296F4561} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{E181A722-B237-466E-BAE3-F7D2139BE23C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F87CDB8C-D815-422C-AF23-5CCB72FFCEF0} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 04:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/11 09:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/11 08:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Malwarebytes
[2009/01/11 08:04:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 08:04:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:04:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/11 08:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/11 08:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/11 08:03:29 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/08 19:39:40 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\Help
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Help
[2009/01/05 00:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/01/04 23:57:49 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/04 23:57:49 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/01/04 23:57:49 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/04 23:57:29 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/01/04 23:56:06 | 71,082,360 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 22:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Trend Micro Internet Security
[2009/01/04 21:34:11 | 02,772,344 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:13:30 | 00,719,691 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:05 | 00,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/01 16:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/01/01 16:58:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/01/01 16:58:05 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/01/01 16:58:05 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/01 16:58:05 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/01/01 14:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HouseCall 6.6
[2009/01/01 12:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\HouseCall 6.6
[2008/12/31 13:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\System Cleaner
[2008/12/31 13:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\System Cleaner
[2008/12/31 13:03:57 | 47,189,804 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:38 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2008/12/30 21:35:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/30 21:09:48 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/30 20:47:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:43:53 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/12/30 20:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Drivers
[2008/12/30 20:37:48 | 64,577,299 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:23:41 | 01,380,902 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/30 20:13:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/22 18:55:50 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/22 18:55:49 | 00,000,176 | ---- | C] () -- C:\WINDOWS\eower.vbs
[2008/12/22 18:55:49 | 00,000,045 | ---- | C] () -- C:\WINDOWS\sys.bat
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec
[2008/12/12 17:44:52 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/11 09:14:53 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/11 09:14:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/11 09:13:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/11 09:13:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/11 09:13:05 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/11 09:12:16 | 13,374,798 | -H-- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\IconCache.db
[2009/01/11 08:04:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:03:43 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/08 19:05:38 | 00,000,693 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/04 23:57:29 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:56:36 | 71,082,360 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 21:34:38 | 02,772,344 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/02 21:11:17 | 00,719,691 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:08 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/01/01 16:58:08 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/01 16:58:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/31 13:04:09 | 47,189,804 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:43 | 00,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2008/12/30 21:09:48 | 00,000,347 | ---- | M] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:47:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:37:50 | 64,577,299 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:24:12 | 01,380,902 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:13:50 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 23:31:18 | 00,000,507 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 23:02:07 | 00,290,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/23 20:30:45 | 00,400,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 20:30:45 | 00,062,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 19:54:49 | 00,467,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/22 18:55:50 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/20 22:03:00 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 21:36:34 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/12/16 21:36:13 | 00,001,460 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\DivX Movies.lnk
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
< End of report >
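One triage step a responder takes on a listing like the "Files/Folders - Created Within 30 Days" section above is to look for groups of files that appeared within seconds of each other and to check which of them carry no publisher string. The following is an added example, not part of this thread and not code from OldTimer's OTViewIt/OTListIt tools: it parses the bracketed line format used in the report, groups entries by creation time, and reports clusters that contain executable or script files under the Windows directory with an empty company field. The sample lines are copied from the report above; the 60-second window, the extension list and the %SystemRoot% check are assumptions chosen for illustration. A hit means "look at this", not "this is malicious": the company string comes from unauthenticated version info and a forged one passes this check, and legitimate installers also drop several files in one minute.

```python
"""Triage helper for the bracketed file listings in an OTViewIt/OTListIt
report: parse each line, group entries created within a short window, and
flag clusters containing executable or script files with no company string
under the Windows directory.  Added example, not part of the thread or of
OldTimer's tools."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed input: lines copied from the "Files/Folders - Created Within
# 30 Days" section of the report posted above.
SAMPLE_LOG = r"""
[2009/01/11 08:04:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 08:04:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/11 08:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/22 18:55:50 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008/12/22 18:55:49 | 00,000,176 | ---- | C] () -- C:\WINDOWS\eower.vbs
[2008/12/22 18:55:49 | 00,000,045 | ---- | C] () -- C:\WINDOWS\sys.bat
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec
[2008/12/12 17:44:52 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
"""

# [date time | size | attrs | C|M] (Company) -- path   (company part is optional)
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.*)$"
)

# Assumed list of extensions worth a second look; extend to taste.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".vbs", ".bat", ".cmd", ".js"}
WINDOWS_DIR = "c:\\windows\\"   # assumed %SystemRoot%, as in the report above


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str                   # C = created listing, M = modified listing
    company: Optional[str]      # None when the report shows "()" or nothing
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None             # e.g. summary lines like "[18 C:\WINDOWS\System32\*.tmp files]"
    company = (m["company"] or "").strip() or None
    return Entry(
        when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=company,
        path=m["path"].strip(),
    )


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def cluster_by_time(entries: List[Entry], window_seconds: int = 60) -> List[List[Entry]]:
    """Greedy grouping in time order: a new cluster starts when an entry is
    more than window_seconds after the first entry of the current cluster."""
    clusters: List[List[Entry]] = []
    for e in sorted(entries, key=lambda x: x.when):
        if clusters and e.when - clusters[-1][0].when <= timedelta(seconds=window_seconds):
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def suspicious_in(cluster: List[Entry]) -> List[str]:
    """Paths of executable/script files under %SystemRoot% with no company
    string.  Review hint only: version-info strings are not authenticated."""
    return [e.path for e in cluster
            if not e.is_dir and e.extension in EXEC_EXT and e.company is None
            and e.path.lower().startswith(WINDOWS_DIR)]


def flag_clusters(entries: List[Entry], window_seconds: int = 60) -> List[Tuple[List[Entry], List[str]]]:
    flagged = []
    for c in cluster_by_time(entries, window_seconds):
        hits = suspicious_in(c)
        if hits:
            flagged.append((c, hits))
    return flagged


if __name__ == "__main__":
    for cluster, hits in flag_clusters(parse_report(SAMPLE_LOG)):
        print(f"{cluster[0].when:%Y-%m-%d %H:%M:%S}: {len(cluster)} items created within a minute")
        for e in cluster:
            mark = "!" if e.path in hits else " "
            print(f"  {mark} {e.path}  ({e.company or 'no company string'})")
```

Run against the sample, the script reports a single cluster, the six items created between 18:55:47 and 18:55:50 on 2008/12/22, and marks the two script files in C:\WINDOWS that have no company string; the Malwarebytes driver installation a few weeks later also arrives as a cluster but is not flagged because every file in it carries a publisher. Pointing the same parser at the "Files - Modified Within 30 Days" section works unchanged, since both sections use the same line layout.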

#7 extremeboy (Malware Response Team)

Posted 11 January 2009 - 11:49 AM

Hello.

Yes, it seems a rootkit is involved with this again. That rootkit is probably causing some redirections here. I wanted to see if Malwarebytes Anti-Malware could find anything. Also, next time when you run MBAM, please remove everything it finds; I see "No action taken" in your MBAM log.

Rootkit Threat

Unfortunately, one or more of the identified infections is a Rootkit/backdoor trojan.

IMPORTANT NOTE: One of the infections is related to a nasty variant of the TDSSSERV rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following.

We will start off with Combofix.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it is running because it may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important! Please do not select the Show all checkbox during the scan.

Post back with:
-Combofix log
-GMER log


With Regards,
Extremeboy

#8 Rexal (Topic Starter)

Posted 11 January 2009 - 07:08 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1642
Windows 5.1.2600 Service Pack 3

1/11/2009 9:11:54 AM
mbam-log-2009-01-11 (09-11-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143302
Time elapsed: 1 hour(s), 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Al\Start Menu\Programs\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxkyavqbdw.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxmpfubqjl.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
ComboFix 09-01-10.03 - Al 2009-01-11 15:25:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1493 [GMT -5:00]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-11 09:23 . 2009-01-11 10:15 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\documents and settings\Al\Application Data\Malwarebytes
2009-01-11 08:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 08:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 00:21 . 2009-01-05 00:21 <DIR> d-------- c:\windows\system32\log
2009-01-04 23:57 . 2009-01-04 23:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-01-04 23:57 . 2008-02-18 19:29 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-04 23:57 . 2008-02-18 19:29 52,496 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-01-04 23:57 . 2008-02-18 19:29 52,240 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-01-01 17:29 . 2009-01-01 21:22 <DIR> d-------- c:\documents and settings\Al\.housecall6.6
2009-01-01 17:22 . 2009-01-01 17:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-01 14:31 . 2009-01-01 14:31 <DIR> d-------- c:\windows\system32\HouseCall 6.6
2009-01-01 12:08 . 2009-01-01 14:22 <DIR> d-------- c:\documents and settings\Al\Application Data\HouseCall 6.6
2008-12-30 21:35 . 2000-12-05 09:11 4,174,814 --a------ c:\windows\system32\ct4mgm.sf2
2008-12-30 21:35 . 2006-01-18 22:07 160,768 --a------ c:\windows\system32\cifilter.dll
2008-12-30 21:35 . 2005-05-25 17:34 158,464 --a------ c:\windows\system32\drivers\ctusfsyn.sys
2008-12-30 21:35 . 2005-01-10 18:15 138,752 --a------ c:\windows\system32\drivers\ctsfm2k.sys
2008-12-30 21:35 . 2005-01-10 18:15 115,200 --a------ c:\windows\system32\sfms32.dll
2008-12-30 21:35 . 2005-01-10 18:15 106,496 --a------ c:\windows\system32\drivers\ctoss2k.sys
2008-12-30 21:35 . 2005-12-07 11:34 40,448 --a------ c:\windows\system32\CiEcho.dll
2008-12-30 21:35 . 2005-01-10 18:15 20,992 --a------ c:\windows\system32\sfman32.dll
2008-12-30 21:35 . 2005-10-29 19:42 11,776 --a------ c:\windows\inres.dll
2008-12-30 21:35 . 2002-01-02 23:44 59 --a------ c:\windows\system32\default4.sfm
2008-12-30 21:09 . 2008-12-30 21:09 347 --a------ c:\windows\CTWave32.INI
2008-12-30 21:09 . 2008-12-30 21:09 29 --a------ c:\windows\sfbm.INI
2008-12-30 20:48 . 2008-12-31 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-12-30 20:43 . 2007-08-21 09:58 146,944 --a------ c:\windows\system32\st325602.dll
2008-12-30 20:17 . 2008-12-30 20:17 <DIR> d-------- c:\program files\CCleaner
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-23 20:30 . 2008-12-23 20:30 2,568 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-12-22 18:55 . 2008-12-22 18:55 <DIR> d-------- c:\windows\Setup
2008-12-22 18:55 . 2008-12-22 18:55 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-22 18:55 . 2008-12-23 18:06 <DIR> d-------- c:\program files\Setup
2008-12-22 18:55 . 2008-12-09 03:10 176 --a------ c:\windows\eower.vbs
2008-12-22 18:55 . 2008-12-09 03:18 45 --a------ c:\windows\sys.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 02:51 --------- d-----w c:\documents and settings\Al\Application Data\U3
2009-01-05 04:57 --------- d-----w c:\program files\Trend Micro
2008-12-31 17:19 --------- d-----w c:\program files\Yahoo!
2008-12-31 17:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-31 16:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 02:35 --------- d-----w c:\program files\Creative
2008-12-31 01:44 304 ----a-w c:\windows\system32\drivers\sthdae.log
2008-12-31 01:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 15:59 --------- d-----w c:\documents and settings\Steph\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Default User\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Al\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2008-12-24 13:12 --------- d-----w c:\program files\Dell
2008-12-24 13:12 --------- d-----w c:\program files\AskPBar
2008-12-24 06:20 --------- d-----w c:\program files\GemMaster
2008-12-22 23:58 --------- d-----w c:\documents and settings\Al\Application Data\uTorrent
2008-12-17 02:36 --------- d-----w c:\program files\DivX
2008-12-10 00:06 --------- d-----w c:\program files\iTunes
2008-12-10 00:06 --------- d-----w c:\program files\iPod
2008-12-10 00:06 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 00:04 --------- d-----w c:\program files\QuickTime
2008-12-07 23:49 --------- d-----w c:\program files\TuxPaint
2008-12-07 18:43 --------- d-----w c:\documents and settings\Al\Application Data\TuxPaint
2006-12-07 20:35 73,800 ----a-w c:\documents and settings\Steph\Application Data\GDIPFONTCACHEV1.DAT
2006-10-04 23:42 88 --sh--r c:\windows\system32\8C241D5FBE.sys
2006-10-04 23:42 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-22 1398024]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-02-18 333328]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-02-18 36368]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-01-04 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-04 648456]
S4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-04 52240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: online.musicmatch.com

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\m3gasqae.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\m3gasqae.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 15:34:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-11 15:39:28 - machine was rebooted [Al]
ComboFix-quarantined-files.txt 2009-01-11 20:39:25

Pre-Run: 47,260,553,216 bytes free
Post-Run: 47,673,249,792 bytes free

215 --- E O F --- 2008-12-18 02:52:18




GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 18:22:25
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 88F8DC60 ZwCreateKey
SSDT 88F8D160 ZwCreateProcess
SSDT 88F8D420 ZwCreateProcessEx
SSDT 88F8E920 ZwCreateSection
SSDT 88F8EFA0 ZwCreateThread
SSDT 88F8E1E0 ZwDeleteKey
SSDT 88F8E4A0 ZwDeleteValueKey
SSDT 88F8F140 ZwLoadDriver
SSDT 88F8EC60 ZwMapViewOfSection
SSDT 88F8D6E0 ZwOpenProcess
SSDT 88F8EAC0 ZwOpenSection
SSDT 88F8DF20 ZwSetValueKey
SSDT 88F8D9A0 ZwTerminateProcess
SSDT 88F8EE00 ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AD3AFD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxkyavqbdw.dll

---- EOF - GMER 1.0.14 ----
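
The ComboFix and GMER output in this post is what the helper reads by eye: Security Center monitoring switched off for both Trend components, the Windows Firewall disabled, MountPoints2 autorun verbs cached from removable volumes, a service key that only shows up in GMER's Registry section (the section GMER reserves for entries it reads from the hive but the registry API does not return), and SSDT hooks printed with a bare address instead of an owning driver. As an added example, not part of this thread and not code from ComboFix or GMER, the Python script below applies those same checks mechanically to a sample constructed from lines copied out of the logs above. The function names, the "bare executable" rule and the rule of thumb in the comments are my own, not anything either tool documents.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix "Reg Loading Points"
# section and the GMER "System"/"Registry" sections posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

SSDT 88F8DC60 ZwCreateKey
SSDT 88F8D160 ZwCreateProcess
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxkyavqbdw.dll
"""


def parse_combofix_reg(text):
    """Map each [key] block of ComboFix's REGEDIT4-style dump to its value lines.
    A blank line ends a block, so the GMER lines further down are ignored here."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif not line:
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def check_security_center(sections):
    # Caveat: third-party suites set DisableMonitoring themselves when they take
    # over status reporting, so confirm the named product is installed and
    # running before reading this as tampering.
    findings = []
    for key, values in sections.items():
        if r"security center\monitoring" in key.lower() and any(
                v.startswith('"DisableMonitoring"=dword:00000001') for v in values):
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product}")
    return findings


def check_windows_firewall(sections):
    for key, values in sections.items():
        if key.lower().endswith(r"firewallpolicy\standardprofile") and any(
                v.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", v) for v in values):
            return ["Windows Firewall disabled in standard profile"]
    return []


AUTORUN_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)


def check_autorun_mountpoints(sections):
    """MountPoints2 caches the autorun verbs Explorer saw on removable volumes.
    A command that is a bare file name (no drive letter, no directory) runs
    whatever sits in the volume root, which is what USB-borne worms rely on."""
    findings = []
    for key, values in sections.items():
        if r"explorer\mountpoints2" not in key.lower():
            continue
        volume = key.rsplit("\\", 1)[-1]
        for v in values:
            m = AUTORUN_CMD.match(v)
            if m:
                verb, command = m.groups()
                bare = not re.match(r"^([A-Za-z]:)?\\", command.split()[0])
                tag = "Bare autorun" if bare else "Autorun"
                findings.append(f"{tag} on volume {volume}: {verb} -> {command}")
    return findings


GMER_REG = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\w+\\Services\\([^\\@]+)(?:\\modules)?@(\w+)\s+(.*)$")


def gmer_hidden_services(text):
    """Group the 'Reg' lines of GMER's Registry section by service key."""
    services = defaultdict(dict)
    for line in text.splitlines():
        m = GMER_REG.match(line.strip())
        if m:
            svc, name, value = m.groups()
            services[svc][name.lower()] = value
    return services


def unattributed_ssdt_hooks(text):
    """SSDT lines where GMER shows a bare address instead of the owning driver.
    Legitimate HIPS/AV drivers hook too; weigh this together with the rest."""
    return [p[2] for p in (l.split() for l in text.splitlines())
            if len(p) == 3 and p[0] == "SSDT" and re.fullmatch(r"[0-9A-Fa-f]{8}", p[1])]


def triage(text):
    sections = parse_combofix_reg(text)
    findings = (check_security_center(sections) + check_windows_firewall(sections)
                + check_autorun_mountpoints(sections))
    for svc, vals in gmer_hidden_services(text).items():
        modules = [v for k, v in vals.items() if k not in ("start", "type", "group", "imagepath")]
        findings.append(f"Hidden service {svc}: image={vals.get('imagepath', '?')} modules={modules}")
    hooks = unattributed_ssdt_hooks(text)
    if hooks:
        findings.append(f"{len(hooks)} SSDT hooks with no owning driver: {', '.join(hooks)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports nine findings; the one that actually drives the cleanup is the hidden service whose image path is a driver under system32\drivers with a name that matches no product on the machine, and whose module list points at a DLL through a `\\?\globalroot` path. The other items are posture problems to review rather than infections by themselves, which is why the comments tell the reader to verify before acting.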

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:17 AM

Posted 12 January 2009 - 04:29 PM

Hello.

Why did you run Malwarebytes Anti-Malware? Did I instruct you to do so?? :thumbsup:

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\eower.vbs
    c:\windows\sys.bat
    
    Registry::
    [-HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

F-Secure Online Scan

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
Post back with:
-Combofix log
-F-Secure scan log
-New GMER log
-New OTViewIT logs


Also note: Please follow the steps I give you in order from top to bottom. Also, please post the logs in the order in which I list them. Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 Rexal

Rexal
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 13 January 2009 - 08:17 AM

Yes, I thought you did instruct me to run MalwareBytes Anti-Malware.

In your post on January 11th (11:49am) you said, “Also next time when you run MBAM, please remove everything it finds, I see "No action take" from your MBAM log.”

I interpreted your statement as meaning that I should run MalwareBytes Anti-Malware and to remove everything it finds. I posted the 2nd log file to confirm that MalwareBytes Anti-Malware had removed everything that it found.

Sorry for the miscommunication, if there was any?


ComboFix 09-01-11.04 - Al 2009-01-12 21:46:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -5:00]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Al\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\eower.vbs
c:\windows\sys.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eower.vbs
c:\windows\sys.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-11 16:02 . 2009-01-11 17:06 345 --a------ c:\windows\gmer.ini
2009-01-11 15:59 . 2009-01-11 15:59 <DIR> d-------- C:\GMER
2009-01-11 09:23 . 2009-01-11 10:15 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 08:04 . 2009-01-11 08:04 <DIR> d-------- c:\documents and settings\Al\Application Data\Malwarebytes
2009-01-11 08:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 08:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 00:21 . 2009-01-05 00:21 <DIR> d-------- c:\windows\system32\log
2009-01-04 23:57 . 2009-01-11 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-01-04 23:57 . 2008-02-18 19:29 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-04 23:57 . 2008-02-18 19:29 52,496 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-01-04 23:57 . 2008-02-18 19:29 52,240 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-01-01 17:29 . 2009-01-01 21:22 <DIR> d-------- c:\documents and settings\Al\.housecall6.6
2009-01-01 17:22 . 2009-01-01 17:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-01 14:31 . 2009-01-01 14:31 <DIR> d-------- c:\windows\system32\HouseCall 6.6
2009-01-01 12:08 . 2009-01-01 14:22 <DIR> d-------- c:\documents and settings\Al\Application Data\HouseCall 6.6
2008-12-30 21:35 . 2000-12-05 09:11 4,174,814 --a------ c:\windows\system32\ct4mgm.sf2
2008-12-30 21:35 . 2006-01-18 22:07 160,768 --a------ c:\windows\system32\cifilter.dll
2008-12-30 21:35 . 2005-05-25 17:34 158,464 --a------ c:\windows\system32\drivers\ctusfsyn.sys
2008-12-30 21:35 . 2005-01-10 18:15 138,752 --a------ c:\windows\system32\drivers\ctsfm2k.sys
2008-12-30 21:35 . 2005-01-10 18:15 115,200 --a------ c:\windows\system32\sfms32.dll
2008-12-30 21:35 . 2005-01-10 18:15 106,496 --a------ c:\windows\system32\drivers\ctoss2k.sys
2008-12-30 21:35 . 2005-12-07 11:34 40,448 --a------ c:\windows\system32\CiEcho.dll
2008-12-30 21:35 . 2005-01-10 18:15 20,992 --a------ c:\windows\system32\sfman32.dll
2008-12-30 21:35 . 2005-10-29 19:42 11,776 --a------ c:\windows\inres.dll
2008-12-30 21:35 . 2002-01-02 23:44 59 --a------ c:\windows\system32\default4.sfm
2008-12-30 21:09 . 2008-12-30 21:09 347 --a------ c:\windows\CTWave32.INI
2008-12-30 21:09 . 2008-12-30 21:09 29 --a------ c:\windows\sfbm.INI
2008-12-30 20:48 . 2008-12-31 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-12-30 20:43 . 2007-08-21 09:58 146,944 --a------ c:\windows\system32\st325602.dll
2008-12-30 20:17 . 2008-12-30 20:17 <DIR> d-------- c:\program files\CCleaner
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-23 22:51 . 2008-12-23 22:51 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-23 20:30 . 2008-12-23 20:30 2,568 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-12-22 18:55 . 2008-12-22 18:55 <DIR> d-------- c:\windows\Setup
2008-12-22 18:55 . 2008-12-22 18:55 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-22 18:55 . 2008-12-23 18:06 <DIR> d-------- c:\program files\Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 02:51 --------- d-----w c:\documents and settings\Al\Application Data\U3
2009-01-05 04:57 --------- d-----w c:\program files\Trend Micro
2008-12-31 17:19 --------- d-----w c:\program files\Yahoo!
2008-12-31 17:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-31 16:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 02:35 --------- d-----w c:\program files\Creative
2008-12-31 01:44 304 ----a-w c:\windows\system32\drivers\sthdae.log
2008-12-31 01:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 15:59 --------- d-----w c:\documents and settings\Steph\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Default User\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Al\Application Data\ATI
2008-12-24 15:59 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2008-12-24 13:12 --------- d-----w c:\program files\Dell
2008-12-24 13:12 --------- d-----w c:\program files\AskPBar
2008-12-24 06:20 --------- d-----w c:\program files\GemMaster
2008-12-22 23:58 --------- d-----w c:\documents and settings\Al\Application Data\uTorrent
2008-12-17 02:36 --------- d-----w c:\program files\DivX
2008-12-10 00:06 --------- d-----w c:\program files\iTunes
2008-12-10 00:06 --------- d-----w c:\program files\iPod
2008-12-10 00:06 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 00:04 --------- d-----w c:\program files\QuickTime
2008-12-07 23:49 --------- d-----w c:\program files\TuxPaint
2008-12-07 18:43 --------- d-----w c:\documents and settings\Al\Application Data\TuxPaint
2006-12-07 20:35 73,800 ----a-w c:\documents and settings\Steph\Application Data\GDIPFONTCACHEV1.DAT
2006-10-04 23:42 88 --sh--r c:\windows\system32\8C241D5FBE.sys
2006-10-04 23:42 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_15.38.34.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 21:02:17 884,736 ----a-w c:\windows\gmer.dll
+ 2009-01-11 20:59:36 811,008 ----a-w c:\windows\gmer.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-11 21:02:17 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-04-13 19:18:00 52,480 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\i8042prt.sys
+ 2008-04-13 18:39:47 23,040 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouclass.sys
+ 2006-03-08 16:51:28 81,920 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\InstNT.exe
+ 2006-03-08 16:37:44 82,014 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynCOM.dll
+ 2006-03-08 16:38:00 114,688 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynCtrl.dll
+ 2006-03-08 16:50:00 557,056 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynISDLL.dll
+ 2006-03-08 16:33:50 147,456 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynMood.exe
+ 2006-03-08 16:35:10 191,872 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTP.sys
+ 2006-03-08 16:38:24 94,299 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPAPI.dll
+ 2006-03-08 16:51:18 81,920 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPCo2.dll
+ 2006-03-08 16:38:42 41,064 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPCOM.dll
+ 2006-03-08 16:40:34 6,135,899 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPCpl.dll
+ 2006-03-08 16:48:02 761,947 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPEnh.exe
+ 2006-03-08 16:49:12 69,723 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPFcs.dll
+ 2006-03-08 16:49:20 82,011 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynTPLpr.exe
+ 2006-03-08 16:33:56 163,840 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\SynZMetr.exe
+ 2006-03-08 16:49:40 221,184 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\Tutorial.exe
+ 2009-01-13 02:50:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1732608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-22 1398024]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-02-18 333328]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-02-18 36368]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-01-04 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-04 648456]
S4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-04 52240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: online.musicmatch.com

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\m3gasqae.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\m3gasqae.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:51:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-12 21:55:46 - machine was rebooted [Al]
ComboFix-quarantined-files.txt 2009-01-13 02:55:44
ComboFix2.txt 2009-01-11 20:39:29

Pre-Run: 47,549,808,640 bytes free
Post-Run: 47,576,510,464 bytes free

248 --- E O F --- 2008-12-18 02:52:18






F-Secure scan log
Scanning Report
Monday, January 12, 2009 22:13:49 - 22:55:33
Computer name: SGH-L
Scanning type: Scan system for malware, rootkits
Target: C:\

Result: 0 malware found

Statistics
Scanned:
• Files: 43062
• System: 3321
• Not scanned: 8
Actions:
• Disinfected: 0
• Renamed: 0
• Deleted: 0
• None: 0
• Submitted: 0
Files not scanned:
• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F

Options
Scanning engines:
• F-Secure USS: 2.40.0
• F-Secure Blacklight: 0.0.0
• F-Secure Hydra: 2.8.8110, 2009-01-13
• F-Secure Pegasus: 1.20.0, 2008-11-17
• F-Secure AVP: 7.0.171, 2009-01-12
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
• Use Advanced heuristics



OTViewIt logfile created on: 1/13/2009 7:34:47 AM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.25% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 44.22 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/07/13 17:03:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/02/23 15:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2003/10/13 16:24:14 | 01,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[2009/01/01 17:21:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/11/21 09:00:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2003/10/13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/23 06:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/09/15 21:37:44 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Disabled | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Stopped])
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/11/29 20:56:35 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/23 07:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2005/01/10 18:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 17:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 18:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 17:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/02/18 19:29:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
[2008/02/18 19:29:20 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/02/18 19:29:20 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 19:29:20 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/18 19:29:22 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/26 16:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray (Andrea Electronics Corporation)

========== (O4) Startup Folders ==========

[2008/09/18 07:18:26 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1158886316656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6C0B6B47-90D5-4920-90C4-5487296F4561} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{E181A722-B237-466E-BAE3-F7D2139BE23C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F87CDB8C-D815-422C-AF23-5CCB72FFCEF0} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 04:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/12 22:05:39 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/01/12 21:58:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/12 21:46:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/12 21:46:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/12 21:46:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/12 21:46:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/12 21:46:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/12 21:46:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/12 21:46:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/12 21:46:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/12 21:43:37 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/11 16:34:16 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/11 16:02:19 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/11 16:02:17 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/11 16:02:17 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:08 | 00,000,000 | ---D | C] -- C:\GMER
[2009/01/11 15:58:42 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 15:24:06 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/01/11 15:24:02 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/11 15:23:59 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/01/11 15:22:45 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/11 15:20:33 | 02,923,761 | R--- | C] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 09:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/11 08:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Malwarebytes
[2009/01/11 08:04:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 08:04:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:04:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/11 08:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/11 08:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/11 08:03:29 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\Help
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Help
[2009/01/05 00:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/01/04 23:57:49 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/04 23:57:49 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/01/04 23:57:49 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/04 23:57:29 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/01/04 23:56:06 | 71,082,360 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 22:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Trend Micro Internet Security
[2009/01/04 21:34:11 | 02,772,344 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:13:30 | 00,719,691 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:05 | 00,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/01 16:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/01/01 16:58:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/01/01 16:58:05 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/01/01 16:58:05 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/01 16:58:05 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/01/01 14:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HouseCall 6.6
[2009/01/01 12:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\HouseCall 6.6
[2008/12/31 13:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\System Cleaner
[2008/12/31 13:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\System Cleaner
[2008/12/31 13:03:57 | 47,189,804 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:38 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2008/12/30 21:35:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/30 21:09:48 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/30 20:47:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:43:53 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/12/30 20:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Drivers
[2008/12/30 20:37:48 | 64,577,299 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:23:41 | 01,380,902 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/30 20:13:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/13 00:18:06 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/13 00:13:26 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/13 00:13:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 00:11:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/13 00:11:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 00:11:09 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/13 00:10:11 | 13,907,104 | -H-- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\IconCache.db
[2009/01/13 00:07:47 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/12 21:51:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/12 21:50:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/12 21:45:15 | 02,923,761 | R--- | M] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 18:26:05 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/01/11 18:26:04 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/11 16:02:17 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:36 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/01/11 15:58:50 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 08:04:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:03:43 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/04 23:57:29 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:56:36 | 71,082,360 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 21:34:38 | 02,772,344 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/02 21:11:17 | 00,719,691 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:08 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2008/12/31 13:04:09 | 47,189,804 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:43 | 00,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2008/12/30 21:09:48 | 00,000,347 | ---- | M] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:47:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:37:50 | 64,577,299 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:24:12 | 01,380,902 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:13:50 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 23:31:18 | 00,000,507 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 23:02:07 | 00,290,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/23 20:30:45 | 00,400,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 20:30:45 | 00,062,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 19:54:49 | 00,467,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/20 22:03:00 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 21:36:34 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/12/16 21:36:13 | 00,001,460 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\DivX Movies.lnk
< End of report >
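The MountPoints2 block in the OTViewIt report above records, per removable volume, the Shell verbs Explorer runs when that drive is opened. Three of the entries (under {515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}) point at a bare RavMon.exe with no path for the AutoRun, open and explore verbs, which is the footprint an autorun worm leaves after an infected USB stick has been plugged in: the command resolves against the root of the volume, and overriding open/explore means a double-click on the drive runs it even with AutoPlay disabled. The Python below is an added example, not part of the thread or of OTViewIt, that parses such a block, separates stale "File not found" leftovers from live hijacks and ranks them; the sample text is a constructed, trimmed copy of the block above, and the function names, flag codes and severity scheme are this example's own.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a trimmed copy of the MountPoints2 block in the OTViewIt log above.
SAMPLE_LOG = r"""
========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^""=(?P<data>.*)$')   # OTViewIt prints the key's default value as ""=data
# Registry path shape: ...\MountPoints2\<volume GUID or drive letter>\Shell\<verb>\command
SHELL_CMD_RE = re.compile(
    r"\\MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command$", re.IGNORECASE)
MISSING_MARK = " -- File not found"           # appended by OTViewIt when the target does not exist
HIGH = {"pathless", "verb_override"}          # reason codes that make an entry a live hijack


def parse_mountpoints(text: str) -> List[Dict[str, object]]:
    """Return one entry per Shell\\<verb>\\command value found under MountPoints2."""
    entries: List[Dict[str, object]] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        val_match = VALUE_RE.match(line)
        if not (val_match and current_key):
            continue
        cmd_match = SHELL_CMD_RE.search(current_key)
        if not cmd_match:
            continue                              # e.g. the bare ...\Shell key holding ""=AutoRun
        data = val_match.group("data")
        missing = data.endswith(MISSING_MARK)
        command = data[:-len(MISSING_MARK)] if missing else data
        entries.append({"volume": cmd_match.group("volume"), "verb": cmd_match.group("verb").lower(),
                        "command": command.strip(), "file_missing": missing})
    return entries


def assess(entry: Dict[str, object]) -> List[Tuple[str, str]]:
    """Reasons an entry matters, as (code, explanation) pairs."""
    reasons: List[Tuple[str, str]] = []
    parts = str(entry["command"]).split()
    exe = parts[0] if parts else ""
    if not re.match(r"^[A-Za-z]:\\", exe):
        reasons.append(("pathless", "no drive or directory: Explorer resolves it against the root of the removable volume"))
    if entry["verb"] in ("open", "explore"):
        reasons.append(("verb_override", f"replaces the Explorer '{entry['verb']}' verb, so double-clicking the drive runs it even with AutoPlay off"))
    if entry["file_missing"]:
        reasons.append(("stale", "target absent now; the command fires again if the same volume returns with the file"))
    return reasons


def triage(text: str) -> Dict[str, List[Dict[str, object]]]:
    """Group entries by volume and attach a severity: high (live hijack), low (stale), info."""
    report: Dict[str, List[Dict[str, object]]] = {}
    for entry in parse_mountpoints(text):
        reasons = assess(entry)
        codes = {code for code, _ in reasons}
        severity = "high" if codes & HIGH else ("low" if codes else "info")
        report.setdefault(str(entry["volume"]), []).append({**entry, "severity": severity, "reasons": reasons})
    return report


def find_hijacked_volumes(text: str) -> Set[str]:
    """Volumes with at least one live hijack; these are the keys worth deleting first."""
    return {vol for vol, items in triage(text).items() if any(i["severity"] == "high" for i in items)}


if __name__ == "__main__":
    for volume, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{item['severity']:<5} {volume} {item['verb']}: {item['command']}")
            for _, why in item["reasons"]:
                print(f"      - {why}")
```

Run against the full OTViewIt section rather than the trimmed sample, the three LaunchU3.exe entries come out as stale (U3 launchers are a normal part of SanDisk U3 sticks) while only the {515fc0c7-...} volume is ranked high; deleting that volume's MountPoints2 key is the fix, and the CDRom AutoRun = 1 setting shown in the same log is what lets such a command fire without any user action.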

#11 Rexal
  • Topic Starter
  • Members
  • 13 posts

Posted 13 January 2009 - 08:23 AM

I forgot to post the GMER log file in my last post. Sorry for not posting the log files in the requested order. Anyway, here it is.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-13 07:34:00
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AC8EFD20
Device AC907631

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxkyavqbdw.dll

---- EOF - GMER 1.0.14 ----
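The Registry section of a GMER log lists keys that GMER reads from the hive but that are hidden from the normal registry API. The seven Reg lines above describe one service: a kernel driver (type 1) set to system start (start 1), whose image file name does not correspond to the service name, with a modules subkey that names both the driver and a user-mode DLL through \\?\globalroot paths. The Python below is an added example, not code from GMER or from the thread, that parses those lines into a per-service record, decodes the Start and Type values and derives the flags a responder would want before deleting the service key; the sample is the block above verbatim, the flag names are this example's own, and the tmtdi control in the usage section is a constructed entry with assumed values.

```python
import re
from typing import Dict, Set

# Constructed sample: the Registry section of the GMER log posted above, verbatim.
GMER_SAMPLE = r"""
---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxkyavqbdw.dll

---- EOF - GMER 1.0.14 ----
"""

# Service Control Manager "Start" and "Type" encodings (the SERVICE_* constants in winnt.h).
START_NAMES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}
TYPE_NAMES = {1: "KERNEL_DRIVER", 2: "FILE_SYSTEM_DRIVER", 16: "WIN32_OWN_PROCESS", 32: "WIN32_SHARE_PROCESS"}

# ...\Services\<service>[\subkey...]
SERVICE_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)(?P<sub>(?:\\[^\\]+)*)$", re.IGNORECASE)


def _int(value: str) -> int:
    try:
        return int(value)
    except ValueError:
        return -1


def _stem(path: str) -> str:
    """File name without directory or extension, lower-cased."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def parse_gmer_registry(text: str) -> Dict[str, dict]:
    """Group GMER 'Reg <key>[@value] [data]' lines by the service they describe."""
    services: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        keypart, _, data = line[4:].partition(" ")   # key/value name first, data (may contain spaces) after
        key, _, value = keypart.partition("@")
        m = SERVICE_RE.search(key)
        if not m:
            continue
        svc = services.setdefault(m.group("svc"), {"values": {}, "modules": {}})
        if not value:
            continue                                  # bare key line such as ...\modules: nothing to record
        sub = m.group("sub").lower()
        if sub == r"\modules":
            svc["modules"][value] = data.strip()
        elif sub == "":
            svc["values"][value.lower()] = data.strip()
    return services


def assess_service(name: str, svc: dict) -> Set[str]:
    """Flags a responder would raise before deciding to delete the service key."""
    flags: Set[str] = set()
    vals = svc["values"]
    start, stype = _int(vals.get("start", "")), _int(vals.get("type", ""))
    image = vals.get("imagepath", "")
    if stype in (1, 2) and start in (0, 1):
        flags.add("early_kernel_driver")        # loaded at boot, before user-mode security products start
    if image and _stem(image) != _stem(name):
        flags.add("imagepath_name_mismatch")    # service name and driver file name do not correspond
    for path in svc["modules"].values():
        if path.lower().startswith(r"\\?\globalroot"):
            flags.add("globalroot_path")        # NT object-manager path, unusual for an ordinary driver service
        if path.lower().endswith(".dll"):
            flags.add("usermode_module")        # a driver service that also carries a user-mode DLL
    return flags


def describe(name: str, svc: dict) -> str:
    vals = svc["values"]
    start = START_NAMES.get(_int(vals.get("start", "")), "unknown")
    stype = TYPE_NAMES.get(_int(vals.get("type", "")), "unknown")
    lines = [f"{name}: type={stype} start={start} image={vals.get('imagepath', '?')}"]
    for mod, path in svc["modules"].items():
        lines.append(f"  module {mod} -> {path}")
    lines.append("  flags: " + (", ".join(sorted(assess_service(name, svc))) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    for name, svc in parse_gmer_registry(GMER_SAMPLE).items():
        print(describe(name, svc))
    # Constructed benign control (values assumed): the Trend Micro TDI driver from the Devices section.
    print(describe("tmtdi", {"values": {"start": "3", "type": "1",
                                         "imagepath": r"system32\drivers\tmtdi.sys"}, "modules": {}}))
```

All four flags fire on msqpdxserv.sys and none on the control. Deleting the service key, as the next post does, removes the load point but not the driver and DLL files named in imagepath and modules, so a follow-up scan should confirm those files are gone as well, and the same check should be repeated against the other ControlSet if the system has one.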

#12 extremeboy
  • Malware Response Team
  • 12,975 posts

Posted 13 January 2009 - 04:05 PM

Hello.

In your post on January 11th (11:49am) you said, "Also next time when you run MBAM, please remove everything it finds, I see "No action taken" from your MBAM log."

Oh, sorry about that then. I wasn't clear in my wording. I was just giving you a warning, as in: "next" time I tell you to run it, please let it quarantine everything. It doesn't matter too much, though.

Overall, everything is good. There is just one entry that hasn't been removed yet. Let's try removing it again.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large MoveIt! button.
  • Copy/Paste the contents under the Results line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run MBAM this time, and make sure you let it quarantine anything it finds, please.

Download and run MalwareBytes Anti-Malware(Full Scan)

Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-OTMoveIT log
-MBAM log
-New OTViewIT logs
-New GMER log
-How is your computer running?


With Regards,
Extremeboy

#13 Rexal
  • Topic Starter
  • Members
  • 13 posts

Posted 14 January 2009 - 03:40 PM

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Al\LOCALS~1\Temp\~DF485C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Al\LOCALS~1\Temp\~DFC830.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Al\LOCALS~1\Temp\~DFE153.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Al\LOCALS~1\Temp\~WRD0001.doc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Al\LOCALS~1\Temp\~WRF0000.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_248.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_213814

Files moved on Reboot...
File C:\DOCUME~1\Al\LOCALS~1\Temp\~DF485C.tmp not found!
File C:\DOCUME~1\Al\LOCALS~1\Temp\~DFC830.tmp not found!
File C:\DOCUME~1\Al\LOCALS~1\Temp\~DFE153.tmp not found!
File C:\DOCUME~1\Al\LOCALS~1\Temp\~WRD0001.doc not found!
File C:\DOCUME~1\Al\LOCALS~1\Temp\~WRF0000.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_248.dat not found!



Malwarebytes' Anti-Malware 1.32
Database version: 1649
Windows 5.1.2600 Service Pack 3

1/13/2009 10:54:54 PM
mbam-log-2009-01-13 (22-54-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 135401
Time elapsed: 59 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTViewIt logfile created on: 1/13/2009 10:57:37 PM - Run 5
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.18% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 44.36 Gb Free Space | 56.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/07/13 17:03:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/02/23 15:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2003/10/13 16:24:14 | 01,732,608 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[2009/01/01 17:21:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/11/21 09:00:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2003/10/13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/23 06:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/09/15 21:37:44 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Disabled | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Stopped])
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Stopped])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/11/29 20:56:35 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/23 07:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2005/01/10 18:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 17:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 18:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 17:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/02/18 19:29:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
[2008/02/18 19:29:20 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/02/18 19:29:20 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 19:29:20 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
[2008/11/26 17:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/18 19:29:22 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/11/26 17:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/11/26 17:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/26 16:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Sytems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray (Andrea Electronics Corporation)

========== (O4) Startup Folders ==========

[2008/09/18 07:18:26 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1158886316656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6C0B6B47-90D5-4920-90C4-5487296F4561} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{E181A722-B237-466E-BAE3-F7D2139BE23C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F87CDB8C-D815-422C-AF23-5CCB72FFCEF0} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 04:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/13 21:38:14 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/13 21:38:03 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Hello.doc
[2009/01/13 21:35:42 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
[2009/01/12 22:05:39 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/01/12 21:58:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/12 21:46:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/12 21:46:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/12 21:46:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/12 21:46:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/12 21:46:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/12 21:46:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/12 21:46:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/12 21:46:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/12 21:43:37 | 00,074,752 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/11 16:34:16 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/11 16:02:19 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/11 16:02:17 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/11 16:02:17 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:08 | 00,000,000 | ---D | C] -- C:\GMER
[2009/01/11 15:58:42 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 15:24:06 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/01/11 15:24:02 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/11 15:23:59 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/01/11 15:22:45 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/11 15:20:33 | 02,923,761 | R--- | C] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 09:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/11 08:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Malwarebytes
[2009/01/11 08:04:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 08:04:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:04:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/11 08:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/11 08:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/11 08:03:29 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\Help
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Help
[2009/01/05 00:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/01/04 23:57:49 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/04 23:57:49 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/01/04 23:57:49 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/04 23:57:29 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/01/04 23:56:06 | 71,082,360 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 22:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Trend Micro Internet Security
[2009/01/04 21:34:11 | 02,772,344 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:13:30 | 00,719,691 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:05 | 00,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/01 16:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/01/01 16:58:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/01/01 16:58:05 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/01/01 16:58:05 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/01 16:58:05 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/01/01 14:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HouseCall 6.6
[2009/01/01 12:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\HouseCall 6.6
[2008/12/31 13:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\System Cleaner
[2008/12/31 13:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\System Cleaner
[2008/12/31 13:03:57 | 47,189,804 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:38 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2008/12/30 21:35:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/30 21:09:48 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/30 20:47:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:43:53 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/12/30 20:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Drivers
[2008/12/30 20:37:48 | 64,577,299 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:23:41 | 01,380,902 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/30 20:13:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/13 21:41:27 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/13 21:40:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/13 21:39:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/13 21:39:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 21:39:46 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/13 21:38:54 | 13,907,868 | -H-- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\IconCache.db
[2009/01/13 21:38:03 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Hello.doc
[2009/01/13 21:35:44 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
[2009/01/13 18:55:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/13 00:18:06 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/13 00:07:47 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/12 21:51:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/12 21:50:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/12 21:45:15 | 02,923,761 | R--- | M] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 18:26:05 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/01/11 18:26:04 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/11 16:02:17 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:36 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/01/11 15:58:50 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 08:04:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:03:43 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/04 23:57:29 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:56:36 | 71,082,360 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 21:34:38 | 02,772,344 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/02 21:11:17 | 00,719,691 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:08 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2008/12/31 13:04:09 | 47,189,804 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:43 | 00,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2008/12/30 21:09:48 | 00,000,347 | ---- | M] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:47:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:37:50 | 64,577,299 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:24:12 | 01,380,902 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:13:50 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 23:31:18 | 00,000,507 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 23:02:07 | 00,290,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/23 20:30:45 | 00,400,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 20:30:45 | 00,062,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 19:54:49 | 00,467,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/20 22:03:00 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 21:36:34 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008/12/16 21:36:13 | 00,001,460 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\DivX Movies.lnk
< End of report >


2009-01-13 00:10:09 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 00:10:10 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 00:10:22 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 00:10:59 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 00:10:59 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2009-01-13 00:10:59 gmer.sys System [4]: LoadDriver system32\DRIVERS\arp1394.sys
2009-01-13 00:11:07 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe
2009-01-13 00:11:08 gmer.sys smss.exe [1256]: CreateProcess C:\WINDOWS\system32\autochk.exe
2009-01-13 00:11:08 gmer.sys smss.exe [1256]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2009-01-13 00:11:09 gmer.sys smss.exe [1256]: CreateProcess C:\WINDOWS\system32\csrss.exe
2009-01-13 00:11:09 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\vga.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 00:11:11 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ati3duag.dll
2009-01-13 00:11:12 gmer.sys csrss.exe [1308]: LoadDriver \SystemRoot\System32\ativvaxx.dll
2009-01-13 00:11:12 gmer.sys smss.exe [1256]: CreateProcess C:\WINDOWS\system32\winlogon.exe
2009-01-13 00:11:12 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\services.exe
2009-01-13 00:11:12 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\lsass.exe
2009-01-13 00:11:12 gmer.sys csrss.exe [1336]: LoadDriver \SystemRoot\System32\ATMFD.DLL
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\tmpreflt.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\vsapint.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\tmxpflt.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\drivers\drvnddm.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsndres.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnifs.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnopio.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnpool.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnboio.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsncofs.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsndrct.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnudf.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\dla\tfsnudfa.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:13 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:13 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\AegisP.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\s24trans.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\ndisuio.sys
2009-01-13 00:11:13 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:14 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:14 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 00:11:14 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\spoolsv.exe
2009-01-13 00:11:14 gmer.sys svchost.exe [1712]: LoadDriver system32\DRIVERS\rdbss.sys
2009-01-13 00:11:14 gmer.sys svchost.exe [1712]: LoadDriver system32\DRIVERS\mrxsmb.sys
2009-01-13 00:11:14 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\mrxdav.sys
2009-01-13 00:11:14 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\dsunidrv.sys
2009-01-13 00:11:14 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\ehome\ehrecvr.exe
2009-01-13 00:11:15 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\ehome\ehSched.exe
2009-01-13 00:11:15 gmer.sys services.exe [1380]: LoadDriver System32\Drivers\HTTP.sys
2009-01-13 00:11:15 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe
2009-01-13 00:11:15 gmer.sys services.exe [1380]: LoadDriver system32\DRIVERS\mdmxsdk.sys
2009-01-13 00:11:15 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2009-01-13 00:11:15 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 00:11:15 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:16 gmer.sys svchost.exe [1712]: LoadDriver system32\DRIVERS\srv.sys
2009-01-13 00:11:16 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:11:17 gmer.sys services.exe [1380]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-13 00:11:17 gmer.sys SfCtlCom.exe [652]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 00:11:17 gmer.sys services.exe [1380]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-13 00:11:17 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\fxssvc.exe
2009-01-13 00:11:17 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\ehome\mcrdsvc.exe
2009-01-13 00:11:17 gmer.sys services.exe [1380]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-13 00:11:17 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2009-01-13 00:11:17 gmer.sys svchost.exe [1712]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 00:11:18 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 00:11:18 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\alg.exe
2009-01-13 00:11:22 gmer.sys services.exe [1380]: CreateProcess C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2009-01-13 00:11:24 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 00:12:02 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 00:12:05 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 00:13:04 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 00:13:04 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\userinit.exe
2009-01-13 00:13:04 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctoss2k.sys
2009-01-13 00:13:04 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\WgaTray.exe
2009-01-13 00:13:04 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctsfm2k.sys
2009-01-13 00:13:05 gmer.sys userinit.exe [2572]: CreateProcess C:\WINDOWS\explorer.exe
2009-01-13 00:13:09 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 00:13:10 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 00:13:11 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\imapi.exe
2009-01-13 00:13:13 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
2009-01-13 00:13:15 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2009-01-13 00:13:16 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\QuickTime\QTTask.exe
2009-01-13 00:13:16 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\iTunes\iTunesHelper.exe
2009-01-13 00:13:16 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2009-01-13 00:13:17 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2009-01-13 00:13:17 gmer.sys services.exe [1380]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 00:13:18 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2009-01-13 00:13:18 gmer.sys svchost.exe [1604]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
2009-01-13 00:13:18 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2009-01-13 00:13:19 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\ehome\ehtray.exe
2009-01-13 00:13:19 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2009-01-13 00:13:20 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\dla\tfswctrl.exe
2009-01-13 00:13:20 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Creative\Mixer\CTSVolFE.exe
2009-01-13 00:13:20 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
2009-01-13 00:13:20 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\ehome\ehmsas.exe
2009-01-13 00:13:21 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
2009-01-13 00:13:21 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 00:13:22 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
2009-01-13 00:13:22 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Java\jre6\bin\jusched.exe
2009-01-13 00:13:23 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2009-01-13 00:13:29 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
2009-01-13 00:13:30 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 00:13:30 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 00:13:31 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2009-01-13 00:13:34 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Microsoft Office\Office10\OSA.EXE
2009-01-13 00:14:17 gmer.sys explorer.exe [2680]: CreateProcess C:\GMER\gmer.exe
2009-01-13 00:15:08 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Internet Explorer\iexplore.exe
2009-01-13 00:17:08 gmer.sys SfCtlCom.exe [652]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 00:17:09 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 00:17:16 gmer.sys explorer.exe [2680]: CreateProcess C:\GMER\gmer.exe
2009-01-13 00:18:05 gmer.sys explorer.exe [2680]: CreateProcess C:\GMER\gmer.exe
2009-01-13 00:18:23 gmer.sys jusched.exe [1624]: CreateProcess C:\Program Files\Java\jre6\bin\java.exe
2009-01-13 00:18:48 gmer.sys System [4]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Fastfat
2009-01-13 00:54:49 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\taskmgr.exe
2009-01-13 04:30:04 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 07:34:10 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\notepad.exe
2009-01-13 07:34:20 gmer.sys explorer.exe [2680]: CreateProcess C:\Documents and Settings\Al\Desktop\OTViewIt.exe
2009-01-13 07:34:33 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\dumprep.exe
2009-01-13 07:34:36 gmer.sys dumprep.exe [2312]: CreateProcess C:\WINDOWS\system32\dwwin.exe
2009-01-13 07:34:43 gmer.sys explorer.exe [2680]: CreateProcess C:\Documents and Settings\Al\Desktop\OTViewIt.exe
2009-01-13 07:35:08 gmer.sys OTViewIt.exe [3424]: CreateProcess C:\WINDOWS\notepad.exe
2009-01-13 07:35:08 gmer.sys OTViewIt.exe [3424]: CreateProcess C:\WINDOWS\notepad.exe
2009-01-13 07:40:48 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 07:41:50 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2009-01-13 07:41:52 gmer.sys firefox.exe [2880]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2009-01-13 07:43:20 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 07:43:34 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:22:39 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\notepad.exe
2009-01-13 08:23:03 gmer.sys explorer.exe [2680]: CreateProcess C:\WINDOWS\system32\notepad.exe
2009-01-13 08:24:32 gmer.sys explorer.exe [2680]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
2009-01-13 08:24:32 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2009-01-13 08:24:33 gmer.sys SfCtlCom.exe [3292]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2009-01-13 08:24:34 gmer.sys SfCtlCom.exe [3292]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 08:24:37 gmer.sys services.exe [1380]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-13 08:24:37 gmer.sys services.exe [1380]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-13 08:24:37 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2009-01-13 08:24:39 gmer.sys services.exe [1380]: CreateProcess C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2009-01-13 08:24:41 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 08:24:46 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:28:55 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:28:55 gmer.sys UfSeAgnt.exe [2372]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
2009-01-13 08:28:56 gmer.sys SfCtlCom.exe [3292]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 08:29:09 gmer.sys SfFnUp.exe [2860]: CreateProcess C:\Program Files\Trend Micro\Internet Security\Patch.exe
2009-01-13 08:29:15 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 08:29:16 gmer.sys SfCtlCom.exe [3292]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 08:29:27 gmer.sys services.exe [1380]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 08:40:34 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2009-01-13 08:40:38 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:45:49 gmer.sys winlogon.exe [1336]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 08:45:49 gmer.sys svchost.exe [1604]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:46:00 gmer.sys svchost.exe [1712]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 08:46:00 gmer.sys SfCtlCom.exe [3292]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 08:46:35 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 08:46:35 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2009-01-13 08:46:36 gmer.sys System [4]: LoadDriver system32\DRIVERS\arp1394.sys
2009-01-13 08:46:44 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe
2009-01-13 08:46:44 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\autochk.exe
2009-01-13 08:46:44 gmer.sys smss.exe [1252]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2009-01-13 08:46:46 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\csrss.exe
2009-01-13 08:46:46 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\vga.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati3duag.dll
2009-01-13 08:46:48 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ativvaxx.dll
2009-01-13 08:46:48 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\winlogon.exe
2009-01-13 08:46:48 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\services.exe
2009-01-13 08:46:48 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\lsass.exe
2009-01-13 08:46:49 gmer.sys csrss.exe [1332]: LoadDriver \SystemRoot\System32\ATMFD.DLL
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmpreflt.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\vsapint.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmxpflt.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\drivers\drvnddm.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndres.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnifs.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnopio.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnpool.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnboio.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsncofs.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndrct.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudf.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudfa.sys
2009-01-13 08:46:49 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\AegisP.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\s24trans.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\ndisuio.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:50 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\spoolsv.exe
2009-01-13 08:46:50 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\rdbss.sys
2009-01-13 08:46:50 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\mrxsmb.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mrxdav.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\dsunidrv.sys
2009-01-13 08:46:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehrecvr.exe
2009-01-13 08:46:51 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehSched.exe
2009-01-13 08:46:51 gmer.sys services.exe [1376]: LoadDriver System32\Drivers\HTTP.sys
2009-01-13 08:46:51 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe
2009-01-13 08:46:51 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mdmxsdk.sys
2009-01-13 08:46:51 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 08:46:51 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\srv.sys
2009-01-13 08:46:51 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2009-01-13 08:46:52 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 08:46:53 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-13 08:46:53 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-13 08:46:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\fxssvc.exe
2009-01-13 08:46:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\mcrdsvc.exe
2009-01-13 08:46:53 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-13 08:46:53 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2009-01-13 08:46:53 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 08:46:53 gmer.sys SfCtlCom.exe [700]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 08:46:54 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 08:46:54 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\alg.exe
2009-01-13 08:46:59 gmer.sys services.exe [1376]: CreateProcess C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2009-01-13 08:47:01 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 08:47:39 gmer.sys svchost.exe [1708]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 08:47:41 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 08:47:56 gmer.sys SfCtlCom.exe [700]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 18:33:21 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 18:33:21 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2009-01-13 18:33:21 gmer.sys System [4]: LoadDriver system32\DRIVERS\arp1394.sys
2009-01-13 18:33:29 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe
2009-01-13 18:33:30 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\autochk.exe
2009-01-13 18:33:30 gmer.sys smss.exe [1252]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2009-01-13 18:33:31 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\csrss.exe
2009-01-13 18:33:31 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\vga.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 18:33:33 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 18:33:34 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ati3duag.dll
2009-01-13 18:33:34 gmer.sys csrss.exe [1304]: LoadDriver \SystemRoot\System32\ativvaxx.dll
2009-01-13 18:33:34 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\winlogon.exe
2009-01-13 18:33:34 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\services.exe
2009-01-13 18:33:34 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\lsass.exe
2009-01-13 18:33:34 gmer.sys csrss.exe [1332]: LoadDriver \SystemRoot\System32\ATMFD.DLL
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmpreflt.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\vsapint.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmxpflt.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\drivers\drvnddm.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndres.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnifs.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnopio.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnpool.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnboio.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsncofs.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndrct.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudf.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudfa.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:35 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:35 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\AegisP.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\s24trans.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\ndisuio.sys
2009-01-13 18:33:35 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:36 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:36 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 18:33:36 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\spoolsv.exe
2009-01-13 18:33:36 gmer.sys svchost.exe [1716]: LoadDriver system32\DRIVERS\rdbss.sys
2009-01-13 18:33:36 gmer.sys svchost.exe [1716]: LoadDriver system32\DRIVERS\mrxsmb.sys
2009-01-13 18:33:36 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mrxdav.sys
2009-01-13 18:33:36 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\dsunidrv.sys
2009-01-13 18:33:36 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehrecvr.exe
2009-01-13 18:33:37 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehSched.exe
2009-01-13 18:33:37 gmer.sys services.exe [1376]: LoadDriver System32\Drivers\HTTP.sys
2009-01-13 18:33:37 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe
2009-01-13 18:33:37 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 18:33:37 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mdmxsdk.sys
2009-01-13 18:33:37 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2009-01-13 18:33:37 gmer.sys svchost.exe [1716]: LoadDriver system32\DRIVERS\srv.sys
2009-01-13 18:33:38 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:38 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:33:39 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-13 18:33:39 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-13 18:33:39 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\fxssvc.exe
2009-01-13 18:33:39 gmer.sys SfCtlCom.exe [672]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 18:33:39 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\mcrdsvc.exe
2009-01-13 18:33:39 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-13 18:33:39 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2009-01-13 18:33:39 gmer.sys svchost.exe [1716]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 18:33:40 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 18:33:40 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\alg.exe
2009-01-13 18:33:43 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 18:33:43 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctoss2k.sys
2009-01-13 18:33:43 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\userinit.exe
2009-01-13 18:33:43 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctsfm2k.sys
2009-01-13 18:33:43 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\WgaTray.exe
2009-01-13 18:33:43 gmer.sys userinit.exe [3384]: CreateProcess C:\WINDOWS\explorer.exe
2009-01-13 18:33:45 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 18:33:47 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 18:33:50 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 18:33:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\imapi.exe
2009-01-13 18:33:54 gmer.sys services.exe [1376]: CreateProcess C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2009-01-13 18:33:56 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
2009-01-13 18:33:56 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2009-01-13 18:33:57 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\QuickTime\QTTask.exe
2009-01-13 18:33:57 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\iTunes\iTunesHelper.exe
2009-01-13 18:33:57 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2009-01-13 18:33:57 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2009-01-13 18:33:58 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2009-01-13 18:33:59 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2009-01-13 18:33:59 gmer.sys svchost.exe [1608]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
2009-01-13 18:33:59 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\ehome\ehtray.exe
2009-01-13 18:34:00 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2009-01-13 18:34:00 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\system32\dla\tfswctrl.exe
2009-01-13 18:34:01 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Creative\Mixer\CTSVolFE.exe
2009-01-13 18:34:02 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
2009-01-13 18:34:02 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\ehome\ehmsas.exe
2009-01-13 18:34:03 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
2009-01-13 18:34:03 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 18:34:05 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
2009-01-13 18:34:05 gmer.sys realsched.exe [2140]: CreateProcess C:\Program Files\Real\RealPlayer\realplay.exe
2009-01-13 18:34:05 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Java\jre6\bin\jusched.exe
2009-01-13 18:34:06 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2009-01-13 18:34:14 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
2009-01-13 18:34:14 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 18:34:14 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 18:34:16 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2009-01-13 18:34:19 gmer.sys realplay.exe [2812]: CreateProcess C:\Program Files\Real\RealPlayer\realplay.exe
2009-01-13 18:34:20 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Microsoft Office\Office10\OSA.EXE
2009-01-13 18:34:23 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 18:34:25 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 18:34:54 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 18:34:59 gmer.sys realplay.exe [2812]: CreateProcess C:\Program Files\Real\RealPlayer\realplay.exe
2009-01-13 18:34:59 gmer.sys realplay.exe [2812]: CreateProcess C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2009-01-13 18:38:41 gmer.sys UfSeAgnt.exe [2868]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
2009-01-13 18:38:42 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 18:38:43 gmer.sys SfCtlCom.exe [672]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 18:38:55 gmer.sys SfFnUp.exe [3720]: CreateProcess C:\Program Files\Trend Micro\Internet Security\Patch.exe
2009-01-13 18:39:01 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Internet Explorer\iexplore.exe
2009-01-13 18:39:06 gmer.sys jusched.exe [2884]: CreateProcess C:\Program Files\Java\jre6\bin\java.exe
2009-01-13 18:55:00 gmer.sys svchost.exe [1716]: CreateProcess C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2009-01-13 18:55:01 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 18:55:01 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 18:55:02 gmer.sys SoftwareUpdate. [2924]: CreateProcess C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2009-01-13 18:55:02 gmer.sys csrss.exe [196]: LoadDriver \SystemRoot\System32\vga.dll
2009-01-13 18:55:02 gmer.sys svchost.exe [1608]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 19:26:05 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2009-01-13 19:26:09 gmer.sys firefox.exe [3344]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2009-01-13 19:26:17 gmer.sys firefox.exe [3344]: CreateProcess C:\Program Files\Mozilla Firefox\uninstall\helper.exe
2009-01-13 19:26:18 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 19:26:18 gmer.sys explorer.exe [3456]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 20:04:25 gmer.sys UfSeAgnt.exe [2868]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
2009-01-13 20:21:32 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Internet Explorer\iexplore.exe
2009-01-13 20:34:27 gmer.sys UfSeAgnt.exe [2868]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
2009-01-13 20:48:10 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Internet Explorer\iexplore.exe
2009-01-13 21:02:31 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2009-01-13 21:02:31 gmer.sys firefox.exe [252]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2009-01-13 21:03:20 gmer.sys firefox.exe [252]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2009-01-13 21:04:29 gmer.sys UfSeAgnt.exe [2868]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
2009-01-13 21:32:42 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2009-01-13 21:32:42 gmer.sys firefox.exe [2580]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2009-01-13 21:35:09 gmer.sys explorer.exe [3456]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 21:36:10 gmer.sys explorer.exe [3456]: CreateProcess C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
2009-01-13 21:37:35 gmer.sys SfCtlCom.exe [672]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 21:37:36 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 21:38:53 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 21:38:53 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 21:39:01 gmer.sys svchost.exe [1716]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 21:39:35 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 21:39:35 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2009-01-13 21:39:37 gmer.sys System [4]: LoadDriver system32\DRIVERS\arp1394.sys
2009-01-13 21:39:44 gmer.sys System [4]: CreateProcess C:\WINDOWS\system32\smss.exe
2009-01-13 21:39:45 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\autochk.exe
2009-01-13 21:39:45 gmer.sys smss.exe [1252]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2009-01-13 21:39:46 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\csrss.exe
2009-01-13 21:39:46 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\vga.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2dvag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati2cqag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\atikvmag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ati3duag.dll
2009-01-13 21:39:48 gmer.sys csrss.exe [1300]: LoadDriver \SystemRoot\System32\ativvaxx.dll
2009-01-13 21:39:49 gmer.sys smss.exe [1252]: CreateProcess C:\WINDOWS\system32\winlogon.exe
2009-01-13 21:39:49 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\services.exe
2009-01-13 21:39:49 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\lsass.exe
2009-01-13 21:39:49 gmer.sys csrss.exe [1332]: LoadDriver \SystemRoot\System32\ATMFD.DLL
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmpreflt.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\vsapint.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\tmxpflt.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\drivers\drvnddm.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndres.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnifs.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnopio.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnpool.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnboio.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsncofs.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsndrct.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudf.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\dla\tfsnudfa.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\AegisP.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\s24trans.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\ndisuio.sys
2009-01-13 21:39:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:50 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:51 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\logonui.exe
2009-01-13 21:39:51 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\spoolsv.exe
2009-01-13 21:39:51 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\rdbss.sys
2009-01-13 21:39:51 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\mrxsmb.sys
2009-01-13 21:39:51 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mrxdav.sys
2009-01-13 21:39:52 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\dsunidrv.sys
2009-01-13 21:39:52 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehrecvr.exe
2009-01-13 21:39:52 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\ehSched.exe
2009-01-13 21:39:52 gmer.sys services.exe [1376]: LoadDriver System32\Drivers\HTTP.sys
2009-01-13 21:39:52 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe
2009-01-13 21:39:52 gmer.sys services.exe [1376]: LoadDriver system32\DRIVERS\mdmxsdk.sys
2009-01-13 21:39:52 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2009-01-13 21:39:52 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 21:39:53 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\srv.sys
2009-01-13 21:39:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:53 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:39:54 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-13 21:39:54 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-13 21:39:54 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\fxssvc.exe
2009-01-13 21:39:54 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\ehome\mcrdsvc.exe
2009-01-13 21:39:54 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-13 21:39:54 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2009-01-13 21:39:54 gmer.sys svchost.exe [1708]: LoadDriver system32\DRIVERS\ipnat.sys
2009-01-13 21:39:54 gmer.sys SfCtlCom.exe [648]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 21:39:55 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\dllhost.exe
2009-01-13 21:39:55 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\alg.exe
2009-01-13 21:40:00 gmer.sys services.exe [1376]: CreateProcess C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2009-01-13 21:40:03 gmer.sys services.exe [1376]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 21:40:23 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctoss2k.sys
2009-01-13 21:40:23 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\ati2evxx.exe
2009-01-13 21:40:23 gmer.sys System [4]: LoadDriver system32\DRIVERS\ctsfm2k.sys
2009-01-13 21:40:24 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\userinit.exe
2009-01-13 21:40:26 gmer.sys winlogon.exe [1332]: CreateProcess C:\WINDOWS\system32\WgaTray.exe
2009-01-13 21:40:26 gmer.sys userinit.exe [3472]: CreateProcess C:\WINDOWS\explorer.exe
2009-01-13 21:40:26 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 21:40:39 gmer.sys svchost.exe [1708]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2009-01-13 21:41:02 gmer.sys explorer.exe [3604]: CreateProcess C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
2009-01-13 21:41:03 gmer.sys OTMoveIt3.exe [4048]: CreateProcess C:\WINDOWS\notepad.exe
2009-01-13 21:41:12 gmer.sys explorer.exe [3604]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 21:41:12 gmer.sys explorer.exe [3604]: CreateProcess C:\WINDOWS\system32\verclsid.exe
2009-01-13 21:41:14 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
2009-01-13 21:41:15 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2009-01-13 21:41:16 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\imapi.exe
2009-01-13 21:41:17 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\QuickTime\QTTask.exe
2009-01-13 21:41:17 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\iTunes\iTunesHelper.exe
2009-01-13 21:41:18 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2009-01-13 21:41:18 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2009-01-13 21:41:19 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2009-01-13 21:41:20 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2009-01-13 21:41:20 gmer.sys explorer.exe [3604]: CreateProcess C:\WINDOWS\ehome\ehtray.exe
2009-01-13 21:41:20 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2009-01-13 21:41:20 gmer.sys explorer.exe [3604]: CreateProcess C:\WINDOWS\system32\dla\tfswctrl.exe
2009-01-13 21:41:20 gmer.sys svchost.exe [1600]: CreateProcess C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
2009-01-13 21:41:20 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Creative\Mixer\CTSVolFE.exe
2009-01-13 21:41:21 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
2009-01-13 21:41:21 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\ehome\ehmsas.exe
2009-01-13 21:41:22 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\ehome\ehRec.exe
2009-01-13 21:41:23 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
2009-01-13 21:41:24 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
2009-01-13 21:41:24 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Java\jre6\bin\jusched.exe
2009-01-13 21:41:25 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2009-01-13 21:41:29 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
2009-01-13 21:41:40 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 21:41:40 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
2009-01-13 21:41:41 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2009-01-13 21:41:45 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\OSA.EXE
2009-01-13 21:42:44 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 21:45:05 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
2009-01-13 21:45:06 gmer.sys UfSeAgnt.exe [2396]: CreateProcess C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
2009-01-13 21:45:08 gmer.sys svchost.exe [1600]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2009-01-13 21:45:08 gmer.sys SfCtlCom.exe [648]: CreateProcess C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
2009-01-13 21:45:20 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 21:46:04 gmer.sys services.exe [1376]: CreateProcess C:\WINDOWS\system32\svchost.exe
2009-01-13 21:46:25 gmer.sys jusched.exe [2380]: CreateProcess C:\Program Files\Java\jre6\bin\java.exe
2009-01-13 21:47:06 gmer.sys services.exe [1376]: LoadDriver \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-01-13 22:54:54 gmer.sys mbam.exe [3208]: CreateProcess C:\WINDOWS\system32\notepad.exe
2009-01-13 22:55:32 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 22:56:18 gmer.sys SfCtlCom.exe [648]: CreateProcess C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2009-01-13 22:56:20 gmer.sys svchost.exe [1708]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2009-01-13 22:56:54 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 22:57:25 gmer.sys explorer.exe [3604]: CreateProcess C:\Documents and Settings\Al\Desktop\OTViewIt.exe
2009-01-13 22:58:07 gmer.sys OTViewIt.exe [1928]: CreateProcess C:\WINDOWS\notepad.exe
2009-01-13 22:58:07 gmer.sys OTViewIt.exe [1928]: CreateProcess C:\WINDOWS\notepad.exe
2009-01-13 23:06:23 gmer.sys explorer.exe [3604]: CreateProcess C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
2009-01-13 23:06:49 gmer.sys explorer.exe [3604]: CreateProcess C:\GMER\gmer.exe


My computer seems to be running much better. I’m not getting redirected through Google using Firefox or Internet Explorer. I can also update my Trend Micro security software normally, where I couldn’t do that before. On the surface, it’s like everything is back to normal.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:17 AM

Posted 14 January 2009 - 03:50 PM

Hello.

My computer seems to be running much better. I’m not getting redirected through Google using Firefox or Internet Explorer. I can also update my Trend Micro security software normally, where I couldn’t do that before. On the surface, it’s like everything is back to normal.

That's good to hear :thumbsup:

Your log looks good as well so far, we will run an online scan to see if there's anything else to be dealt with.

Also, the GMER log looks funny; it doesn't look like the rootkit scan but rather the processes. Please refer to my previous instructions on running GMER using the rootkit tab. Post back with the rootkit scan GMER log once it's complete. If you have any questions, please ask before proceeding.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by Sundavis.

Post back with:
-Kaspersky log
-New GMER log <- Refer to previous posts.
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#15 Rexal

Rexal
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:17 AM

Posted 18 January 2009 - 12:19 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 19:19:58
Records in database: 1638100
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Files scanned: 86294
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:44:45

No malware has been detected. The scan area is clean.

The selected area was scanned.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-17 10:11:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 88FCCC60 ZwCreateKey
SSDT 88FCC160 ZwCreateProcess
SSDT 88FCC420 ZwCreateProcessEx
SSDT 88FCD920 ZwCreateSection
SSDT 88FCDFA0 ZwCreateThread
SSDT 88FCD1E0 ZwDeleteKey
SSDT 88FCD4A0 ZwDeleteValueKey
SSDT 88FCE140 ZwLoadDriver
SSDT 88FCDC60 ZwMapViewOfSection
SSDT 88FCC6E0 ZwOpenProcess
SSDT 88FCDAC0 ZwOpenSection
SSDT 88FCCF20 ZwSetValueKey
SSDT 88FCC9A0 ZwTerminateProcess
SSDT 88FCDE00 ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AC89CD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxmpfubqjl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxkyavqbdw.dll

---- EOF - GMER 1.0.14 ----



OTViewIt logfile created on: 1/17/2009 4:03:31 PM - Run 7
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.04% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.17 Gb Total Space | 44.34 Gb Free Space | 56.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SGH-L
Current User Name: Al
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2008/07/13 17:03:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/10/18 18:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 17:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/09/29 14:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2005/05/31 04:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/08/05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/02/23 15:57:24 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
[2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[2009/01/01 17:21:57 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

========== (O23) Win32 Services ==========

[2006/11/21 09:00:53 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2003/10/13 16:24:14 | 00,061,440 | ---- | M] (Adobe Sytems) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/23 06:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/09/15 21:37:44 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Disabled | Stopped])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 18:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Disabled | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/01/01 17:21:57 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
[2006/10/18 17:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
[2006/10/18 17:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Disabled | Stopped])
[2008/10/02 19:02:40 | 00,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/08/29 14:57:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
[2008/09/22 19:14:12 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
[2008/02/18 19:29:26 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
[2006/10/18 18:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/11/29 20:56:35 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/05/23 07:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2005/01/10 18:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 17:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/07/21 20:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 20:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2004/03/16 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 11:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 18:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 17:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 08:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 08:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 09:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/02/18 19:29:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
[2008/02/18 19:29:20 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/02/18 19:29:20 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 19:29:20 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
[2008/11/26 17:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/02/18 19:29:22 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/11/26 17:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/11/26 17:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/26 16:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2005/07/21 20:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray (Andrea Electronics Corporation)

========== (O4) Startup Folders ==========

[2008/09/18 07:18:26 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2003/10/12 19:00:10 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll [2006/09/15 21:50:57 | 01,191,424 | ---- | M] (Google Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
118 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2777527408-4139638236-4021115524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1158886316656 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{6C0B6B47-90D5-4920-90C4-5487296F4561} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{E181A722-B237-466E-BAE3-F7D2139BE23C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{F87CDB8C-D815-422C-AF23-5CCB72FFCEF0} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 04:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c6-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\AutoRun\command]
""=RavMon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\explore\Command]
""=RavMon.exe -e


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{515fc0c7-1a89-11dc-b2d8-0015c5b3afbc}\Shell\open\Command]
""=RavMon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c510ab4-ee3f-11dc-b2d2-0015c5b3afbc}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/17 09:45:19 | 00,050,901 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\GMER.JPG
[2009/01/13 21:38:14 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/13 21:38:03 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Hello.doc
[2009/01/13 21:35:42 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
[2009/01/12 22:05:39 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2009/01/12 21:58:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/12 21:46:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/12 21:46:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/12 21:46:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/12 21:46:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/12 21:46:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/12 21:46:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/12 21:46:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/12 21:46:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/12 21:43:37 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/11 16:34:16 | 21,458,45248 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/11 16:02:19 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/11 16:02:17 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/11 16:02:17 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:08 | 00,000,000 | ---D | C] -- C:\GMER
[2009/01/11 15:58:42 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 15:24:06 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/01/11 15:24:02 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/11 15:23:59 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/01/11 15:22:45 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/11 15:22:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/11 15:20:33 | 02,923,761 | R--- | C] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 09:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/01/11 08:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Malwarebytes
[2009/01/11 08:04:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/11 08:04:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:04:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/11 08:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/11 08:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/11 08:03:29 | 02,697,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\Help
[2009/01/05 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\Help
[2009/01/05 00:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/01/04 23:57:49 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/04 23:57:49 | 00,052,496 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/01/04 23:57:49 | 00,052,240 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/04 23:57:29 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/01/04 23:56:06 | 71,082,360 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 22:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Trend Micro Internet Security
[2009/01/04 21:34:11 | 02,772,344 | ---- | C] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/02 21:13:30 | 00,719,691 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:05 | 00,002,359 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/01 16:58:05 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009/01/01 16:58:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/01/01 16:58:05 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/01/01 16:58:05 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/01 16:58:05 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/01/01 14:31:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HouseCall 6.6
[2009/01/01 12:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\HouseCall 6.6
[2008/12/31 13:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\System Cleaner
[2008/12/31 13:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\My Documents\System Cleaner
[2008/12/31 13:03:57 | 47,189,804 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:38 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2008/12/30 21:35:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2008/12/30 21:35:34 | 00,040,448 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\CiEcho.dll
[2008/12/30 21:35:34 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\inres.dll
[2008/12/30 21:09:48 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/30 20:47:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:43:53 | 00,146,944 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st325602.dll
[2008/12/30 20:38:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Drivers
[2008/12/30 20:37:48 | 64,577,299 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:23:41 | 01,380,902 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/30 20:13:44 | 03,165,824 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/23 22:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2008/12/22 18:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Setup
[2008/12/22 18:55:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\HDTVXviD Codec

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/17 09:45:19 | 00,050,901 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\GMER.JPG
[2009/01/17 09:42:26 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/17 09:41:53 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/01/17 09:41:53 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/17 09:41:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/17 09:41:33 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/01/17 09:41:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/17 09:40:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/17 09:40:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/17 09:40:46 | 21,458,45248 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/17 09:39:56 | 13,911,216 | -H-- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\IconCache.db
[2009/01/14 15:40:46 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\EB.doc
[2009/01/14 07:10:18 | 00,365,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/13 21:38:03 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Hello.doc
[2009/01/13 21:35:44 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTMoveIt3.exe
[2009/01/13 18:55:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/12 21:50:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/12 21:45:15 | 02,923,761 | R--- | M] () -- C:\Documents and Settings\Al\Desktop\ComboFix.exe
[2009/01/11 16:02:17 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/11 16:02:17 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/11 16:02:17 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/11 15:59:36 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/01/11 15:58:50 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\gmer.zip
[2009/01/11 08:04:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/11 08:03:43 | 02,697,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup.exe
[2009/01/09 21:49:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTViewIt.exe
[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/04 23:57:29 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2009/01/04 23:56:36 | 71,082,360 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\tis166en-us_1092_x32.exe
[2009/01/04 21:34:38 | 02,772,344 | ---- | M] (Trend Micro Inc. ) -- C:\Documents and Settings\Al\Desktop\EzInstall(3).exe
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/02 21:11:17 | 00,719,691 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\090102210956.zip
[2009/01/01 21:32:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\HijackThis.lnk
[2009/01/01 21:31:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Al\Desktop\HJTInstall.exe
[2009/01/01 16:58:08 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2008/12/31 13:04:09 | 47,189,804 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\System Cleaner.zip
[2008/12/30 21:52:20 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/30 21:35:43 | 00,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2008/12/30 21:09:48 | 00,000,347 | ---- | M] () -- C:\WINDOWS\CTWave32.INI
[2008/12/30 21:09:43 | 00,000,029 | ---- | M] () -- C:\WINDOWS\sfbm.INI
[2008/12/30 20:47:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Windows Media Player.lnk
[2008/12/30 20:37:50 | 64,577,299 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\My_Downloads_List193220.zip
[2008/12/30 20:24:12 | 01,380,902 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\cc_20081230_202336.reg
[2008/12/30 20:17:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\CCleaner.lnk
[2008/12/30 20:13:50 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Al\Desktop\ccsetup215.exe
[2008/12/23 23:31:18 | 00,000,507 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 23:02:07 | 00,290,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/12/23 20:30:45 | 00,400,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 20:30:45 | 00,062,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 19:54:49 | 00,467,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/20 22:03:00 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >