
please help! all kinds of .dll crud popping up


  • This topic is locked
17 replies to this topic

#1 bidi00

bidi00

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 02 January 2009 - 12:04 AM

Please help because I'm ready to toss the computer in the trash. I keep getting .dll things popping up asking for permission to change, also browser keeps changing pages to anti virus promos.

I ran a HijackThis log for you. I am very computer unsavvy and don't know how else to explain this.

Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:51 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Michael Lombardo\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riseagainst.com/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - (no file)
O2 - BHO: (no name) - {33BF5F4E-5758-40D9-927F-9DD476CA9635} - C:\WINDOWS\system32\geBqRhHx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {914420b2-7455-4722-b1e1-d206e32cb176} - C:\WINDOWS\system32\nihiwuga.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CPMcfa5dd51] Rundll32.exe "c:\windows\system32\ziyewila.dll",a
O4 - HKLM\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\kufisobe.dll",s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [Microsoft Update Machine] wuamgrgg.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\kufisobe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Microsoft Update Machine] wuamgrgg.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrgg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrgg.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967445578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967416390
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\ziyewila.dll,C:\WINDOWS\system32\ravuhavu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziyewila.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziyewila.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 12516 bytes
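
A triage pass over the kind of log posted above, as an added example (not a BleepingComputer or HijackThis tool): it parses HijackThis-style lines and flags the patterns a helper looks for first in this log. The sample lines are copied from the log above plus three benign entries for contrast; the checks (extra UserInit entries, unnamed or missing-file BHOs, single-letter rundll32 exports, Run values under service-account hives, AppInit_DLLs, and SSODL/SharedTaskScheduler entries reusing an already-flagged DLL) are review heuristics, not a verdict.

```python
"""Review heuristics for HijackThis-style log lines (added example, not the site's own tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the post above,
# plus three benign entries (Spybot BHO, NVIDIA Run key, NVIDIA service) for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {33BF5F4E-5758-40D9-927F-9DD476CA9635} - C:\WINDOWS\system32\geBqRhHx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {914420b2-7455-4722-b1e1-d206e32cb176} - C:\WINDOWS\system32\nihiwuga.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPMcfa5dd51] Rundll32.exe "c:\windows\system32\ziyewila.dll",a
O4 - HKLM\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\kufisobe.dll",s
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrgg.exe (User 'SYSTEM')
O20 - AppInit_DLLs: c:\windows\system32\ziyewila.dll,C:\WINDOWS\system32\ravuhavu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziyewila.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ziyewila.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# SYSTEM, LOCAL SERVICE, NETWORK SERVICE: ordinary software rarely registers Run values here.
SERVICE_ACCOUNT_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
DLL_RE = re.compile(r'[a-z]:\\[^\s",]+\.dll', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


@dataclass
class Triage:
    findings: list[Finding]
    suspects: set[str]  # basenames worth looking up in the other logs (RSIT, ComboFix)


def basename(path: str) -> str:
    """Lower-cased final path component with surrounding quotes stripped."""
    return path.strip('"').rstrip("\\").rsplit("\\", 1)[-1].lower()


def triage_hjt(text: str) -> Triage:
    """One Finding per log line that trips a heuristic; O21/O22 are judged after the first pass."""
    findings: list[Finding] = []
    suspects: set[str] = set()
    deferred: list[tuple[str, str, str]] = []

    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons: list[str] = []

        if section == "F2" and "UserInit=" in body:
            # Winlogon starts every comma-separated entry; only userinit.exe belongs here.
            values = [v.strip() for v in body.split("UserInit=", 1)[1].split(",") if v.strip()]
            for extra in (v for v in values if basename(v) != "userinit.exe"):
                reasons.append(f"UserInit chains extra executable {basename(extra)}")
                suspects.add(basename(extra))

        elif section == "O2" and any(t in body for t in ("(no name)", "(file missing)", "(no file)")):
            reasons.append("BHO with no name or missing file")
            suspects.update(basename(d) for d in DLL_RE.findall(body))

        elif section == "O4":
            command = re.sub(r"\s*\(User '[^']*'\)$", "", body.split("] ", 1)[-1])
            sid = re.match(r"HKUS\\(S-1-5-\d+)\\", body)
            if sid and sid.group(1) in SERVICE_ACCOUNT_SIDS:
                reasons.append(f"Run value under service-account hive {sid.group(1)}")
            if "\\" not in command:
                reasons.append("Run value is a bare filename resolved by PATH search")
            if re.match(r"rundll32(\.exe)?\s", command, re.I):
                export = command.rsplit(",", 1)[-1].strip()
                if len(export) == 1:
                    reasons.append(f"rundll32 loads a DLL through single-letter export '{export}'")
            if reasons:
                dlls = DLL_RE.findall(command)
                suspects.add(basename(dlls[0]) if dlls else basename(command.split()[0]))

        elif section == "O20":
            dlls = DLL_RE.findall(body)
            if dlls:
                reasons.append(f"AppInit_DLLs injects {len(dlls)} DLL(s) into every user32-linked process")
                suspects.update(basename(d) for d in dlls)

        elif section in ("O21", "O22"):
            dlls = DLL_RE.findall(body)
            if dlls:
                deferred.append((section, basename(dlls[0]), line))

        if reasons:
            findings.append(Finding(section, "; ".join(reasons), line))

    # Correlation pass: a shell/scheduler load point pointing at a DLL already flagged elsewhere.
    for section, dll, line in deferred:
        if dll in suspects:
            findings.append(Finding(section, f"load point reuses already-flagged DLL {dll}", line))
    return Triage(findings, suspects)


if __name__ == "__main__":
    result = triage_hjt(SAMPLE_LOG)
    for f in result.findings:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("look up in RSIT/ComboFix output:", sorted(result.suspects))
```

The suspect set is the list a helper would cross-check against the RSIT driver and service listings posted further down, not something to delete by hand.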



#2 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 02 January 2009 - 05:34 AM

Hello, bidi00

My name is Jat, and I will be helping you with your situation.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please give me some time to look over your log, I will post back soon.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 02 January 2009 - 12:17 PM

Hello, your log is quite infected. Please read below.

:thumbsup: Backdoor Threat

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you want to disinfect, continue with the steps below.

Disable Teatimer

You have the program Spybot S&D (Teatimer option) running on your machine and that is good. But prior to using the tools below, it needs to be turned off. Please do the following:
  • Right click the running icon of Spybot's Teatimer, and choose Exit.
Unless it is turned off, it could interfere with the fix below.

ComboFix

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See this topic to find out how to disable your antivirus and firewall (post #1 & #2).
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

RSIT

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.


In your next reply, could you please post back with:
  • ComboFix log
  • MBAM log
  • RSIT logs
  • Description of any remaining problems

Edited by Jat90, 02 January 2009 - 02:22 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#4 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 02 January 2009 - 03:32 PM

Thank you so far. Here are the logs. I cannot find the ComboFix log... I looked in the C:combofix folder but did not see it.

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-07-03 55216]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-07-03 22713]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2001-09-04 233344]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-05-14 10368]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2001-09-04 78454]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2001-09-10 205824]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-09-19 8552]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-01 3712]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2001-09-04 19702]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 Winachcf;Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [2001-08-13 737973]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2001-09-04 17990]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2004-12-26 7424]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-04-19 28352]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-14 611664]
R2 AntiVirScheduler;AntiVir Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-11 168432]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-30 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-20 202512]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-02 12:17:20

======Uninstall list======

-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AgeOfCastles-->C:\PROGRA~1\Anarchy\AGEOFC~1\UNWISE.EXE C:\PROGRA~1\Anarchy\AGEOFC~1\INSTALL.LOG
Anewsoft MP3 Recorder 2.0-->"C:\Program Files\Anewsoft MP3 Recorder\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backup Dell-Installed Programs-->MsiExec.exe /X{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}
Battlefield 1942 Multiplayer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5ED20FB0-678F-41EE-9211-DC9C670FD193}\Setup.exe" -l0x9
Battlefield 1942 Singleplayer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6D7A630-9136-490E-B190-D0E71813BCAE}\Setup.exe" -l0x9
Battlefield 2: Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty® 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellTouch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DOM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE6EFF4B-3201-4C83-B12A-8192878B8047}\Setup.exe" -l0x9
EA downloader-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1D171963-9063-4423-898B-8EC4F1F190B7} /l1033
EA SPORTS online 2007-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Empire Earth II: The Art of Supremacy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F596C356-BF35-4ED7-981C-CC791461A8F0}\setup.exe" -l0x9 -removeonly
Empire Earth II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x9 -removeonly
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON SPRX600 Reference Guide-->C:\Program Files\epson\guide\rx600_e\uninstall.exe
FoneSync-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameSpy Software-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GIMPshop 2.2.8-->C:\Program Files\GIMPshop\uninst.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
GuitarVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3884FCC0-9E16-423B-959A-FD77DD2F39E6}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Documents and Settings\Tyler Lombardo\Local Settings\Temporary Internet Files\Content.IE5\MNQ5O9UV\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment Standard Edition v1.3.1_04-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Allied Assault™ Breakthrough Patch v2.40-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF9046D6-5F1F-40B6-9782-3DC2D902D391}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Breakthrough-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead Patch 2.15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x9
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Broadband Networking-->MsiExec.exe /I{8CC15633-2327-43F4-BA85-B83FDB4B59BE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2001-->MsiExec.exe /I{01001202-5D65-445A-B3B4-3DCE72BA0C6C}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Outlook 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Picture It! Publishing 2001-->MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Streets and Trips 2001-->MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Works 2001 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 2: Time Twister-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}\SETUP.EXE" -l0x9
RollerCoaster Tycoon 2: Wacky Worlds-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\SETUP.EXE" -l0x9
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Safari-->MsiExec.exe /I{34F85A4D-03CC-428A-80A4-880228646518}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Sims™ Life Stories-->C:\Program Files\Electronic Arts\The Sims Life Stories\EAUninstall.exe
Tiger Woods PGA TOUR 07-->C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 07\EAUninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Messenger-->MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
YP-U1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4A0225B-A975-416C-8CF7-C1C025FD32D6}\Setup.exe" -l0x9 -remove
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY-->MsiExec.exe /I{3571656A-575D-4CED-809D-5547587121FF}
Zoo Tycoon: Complete Collection-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

=====HijackThis Backups=====

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O4 - HKUS\S-1-5-19\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\dogubina.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O4 - HKUS\S-1-5-19\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\dogubina.dll",s (User 'LOCAL SERVICE')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll
O20 - AppInit_DLLs: yhfakz.dll C:\WINDOWS\system32\rasawofu.dll c:\windows\system32\dayevino.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll
O4 - HKLM\..\Run: [CPMcfa5dd51] Rundll32.exe "c:\windows\system32\dayevino.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll
O20 - AppInit_DLLs: c:\windows\system32\dayevino.dll,C:\WINDOWS\system32\rasawofu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll

======Security center information======

AV: AntiVir PersonalEdition Classic Virus Protection
AV: Avira AntiVir PersonalEdition (disabled) (outdated)
AV: AntiVir PersonalEdition Classic Virus Protection
AV: AntiVir PersonalEdition Classic Virus Protection

System event log

Computer Name: HOME
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 87935
Source Name: Service Control Manager
Time Written: 20081105193039.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 87934
Source Name: Service Control Manager
Time Written: 20081105193039.000000-480
Event Type: information
User:

Computer Name: HOME
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{7A2068E2-2C45-41B2-83DB-D19EB34B3FE7} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 87933
Source Name: Tcpip
Time Written: 20081105193014.000000-480
Event Type: information
User:

Computer Name: HOME
Event Code: 17
Message:
Record Number: 87932
Source Name: avgntdd
Time Written: 20081105193014.000000-480
Event Type: information
User:

Computer Name: HOME
Event Code: 6005
Message: The Event log service was started.

Record Number: 87931
Source Name: EventLog
Time Written: 20081105192953.000000-480
Event Type: information
User:

Application event log

Computer Name: HOME
Event Code: 7
Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 15068
Source Name: crypt32
Time Written: 20080330100824.000000-420
Event Type: information
User:

Computer Name: HOME
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 15067
Source Name: LoadPerf
Time Written: 20080330100552.000000-420
Event Type: information
User:

Computer Name: HOME
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 15066
Source Name: LoadPerf
Time Written: 20080330100551.000000-420
Event Type: information
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 15065
Source Name: iPod Service
Time Written: 20080330100244.000000-420
Event Type: information
User:

Computer Name: HOME
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 15064
Source Name: H+BEDV AntiVir
Time Written: 20080330100158.000000-420
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 3

1/2/2009 12:05:44 PM
mbam-log-2009-01-02 (12-05-44).txt

Scan type: Quick Scan
Objects scanned: 57315
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\riwumagu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{914420b2-7455-4722-b1e1-d206e32cb176} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\juwiveboni (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\riwumagu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\riwumagu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\riwumagu.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\riwumagu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nihiwuga.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fusigagi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\madudori.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruhefife.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruketuno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waremilo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kufisobe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ravuhavu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\liborazo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rasawofu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pazeyoda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tyler Lombardo\Desktop\ real avatar.bmp (Rogue.RealAV) -> Quarantined and deleted successfully.


I keep getting a blank popup screen, and also Spybot keeps asking for access to things I'm not sure about.

Hope this helps. Let me know if I need to run anything again or where I might find the ComboFix log.
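As an added example, not code from the original post or from any of the tools mentioned in it: the HijackThis backup entries above show one DLL (dayevino.dll) registered in four separate autostart locations at once (a Run key launched through rundll32, AppInit_DLLs, the ShellServiceObjectDelayLoad key behind the O21 line, and SharedTaskScheduler), which is why fixing a single entry does not keep it from coming back. The Python below parses O4/O20/O21/O22 lines, aggregates the load mechanisms per DLL basename and ranks the results. The sample lines are copied from the log above; the eight-lowercase-letter filename check is a pattern seen in this log's MBAM detections and is assumed here as a triage heuristic, not a general signature.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis lines copied from the log in the post above,
# plus the benign nwiz O4 entry so the filter has something to ignore.
SAMPLE_HJT_LINES = r"""
O4 - HKUS\S-1-5-19\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\dogubina.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll
O20 - AppInit_DLLs: yhfakz.dll C:\WINDOWS\system32\rasawofu.dll c:\windows\system32\dayevino.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dayevino.dll
O4 - HKLM\..\Run: [CPMcfa5dd51] Rundll32.exe "c:\windows\system32\dayevino.dll",a
""".strip().splitlines()

# Matches a DLL basename wherever it appears (quoted, full path, or bare name).
DLL_RE = re.compile(r'(?i)\b([a-z0-9_]+\.dll)\b')
ENTRY_RE = re.compile(r'^O(\d+)\s+-\s+(.*)$')

# Assumed heuristic for this example: the names MBAM flagged in this log are
# all eight lowercase letters; treat that shape as a triage signal only.
RANDOM_NAME_RE = re.compile(r'[a-z]{8}\.dll')


def classify_line(line):
    """Return (mechanism, [dll basenames]) for one HijackThis entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    if code == '4':
        # Run keys: only interesting when the value launches a DLL via rundll32
        if not re.search(r'(?i)rundll32', body):
            return None
        mech = 'Run (rundll32)'
    elif code == '20':
        mech = 'AppInit_DLLs'            # loaded into every user32-linked process
    elif code == '21':
        mech = 'SSODL'                   # ShellServiceObjectDelayLoad, loaded by Explorer
    elif code == '22':
        mech = 'SharedTaskScheduler'     # also loaded by Explorer at startup
    else:
        return None
    dlls = [d.lower() for d in DLL_RE.findall(body)]
    return mech, dlls


def triage(lines):
    """Aggregate autostart mechanisms per DLL basename across all lines.

    Returns {dll_basename: sorted list of mechanism names}. Duplicate lines
    (the backups file repeats fixed entries) collapse into the same set.
    """
    found = defaultdict(set)
    for line in lines:
        hit = classify_line(line)
        if hit is None:
            continue
        mech, dlls = hit
        for d in dlls:
            found[d].add(mech)
    return {d: sorted(m) for d, m in found.items()}


def suspicious(report):
    """Rank DLLs by how many independent reasons they give for concern."""
    ranked = []
    for dll, mechs in report.items():
        reasons = []
        if len(mechs) > 1:
            reasons.append('multiple autostart points: ' + ', '.join(mechs))
        if 'AppInit_DLLs' in mechs:
            reasons.append('global injection via AppInit_DLLs')
        if RANDOM_NAME_RE.fullmatch(dll):
            reasons.append('eight-letter random-looking name (heuristic)')
        if reasons:
            ranked.append((dll, reasons))
    return sorted(ranked, key=lambda t: -len(t[1]))


if __name__ == '__main__':
    for dll, reasons in suspicious(triage(SAMPLE_HJT_LINES)):
        print(dll)
        for r in reasons:
            print('   -', r)
```

Running it against the sample puts dayevino.dll at the top with all three reasons, which matches what the MBAM log later reports for riwumagu.dll (AppInit_DLLs plus an LSA Notification Packages entry, both marked "Delete on reboot" because the DLL is already mapped into running processes). A real run would feed it the O4/O20/O21/O22 section of a fresh HijackThis or RSIT log instead of the embedded sample.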

#5 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 02 January 2009 - 03:51 PM

Hello

It seems the log.txt of RSIT that you pasted is incomplete. Please perform the RSIT scan again, and this time when the log pops open, do the following:
  • Press ctrl + a to highlight all the text.
  • Right click and select "copy"
  • Come back to this site, make a new reply, right click and select "paste"
In order to find the ComboFix log, do this:
  • Go to My Computer
  • Double click Local Disk (C:)
  • Now look for a notepad icon with "ComboFix" underneath - it will be a text file. Do not go into the folder. Use a similar technique as above to paste it here.

Spybot keeps asking for access to things I'm not sure about.

This is Teatimer. I did tell you in my post to disable this program before you ran ComboFix and MBAM; this may explain the blank popups you had.

Disable Teatimer

You have the program Spybot S&D (Teatimer option) running on your machine and that is good. But prior to using the tools below, it needs to be turned off. Please do the following:

  • Right click the running icon of Spybot's Teatimer, and choose Exit.
Unless it is turned off, it could interfere with the fix below.

It's important you follow the instructions given. :)

Please reply with:
  • RSIT log.txt
  • ComboFix.txt
  • How are things running now? Do you still get redirected on the internet?
If you have any trouble following the steps above, please let me know :thumbsup:

Edited by Jat90, 02 January 2009 - 04:48 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#6 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 02 January 2009 - 05:48 PM

OK, here is the new RSIT log. I couldn't find the other ComboFix log, so I reran it.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Michael Lombardo at 2009-01-02 14:45:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46, on 2009-01-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Michael Lombardo\Desktop\system tools\RSIT.exe
C:\Documents and Settings\Michael Lombardo\Desktop\Michael Lombardo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - (no file)
O2 - BHO: (no name) - {33BF5F4E-5758-40D9-927F-9DD476CA9635} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {914420b2-7455-4722-b1e1-d206e32cb176} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [juwiveboni] Rundll32.exe "C:\WINDOWS\system32\visoboja.dll",s
O4 - HKLM\..\Run: [CPMcfa5dd51] Rundll32.exe "c:\windows\system32\govuyoni.dll",a
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967445578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967416390
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33BF5F4E-5758-40D9-927F-9DD476CA9635}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2001-09-04 655360]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-19 26112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-02 136600]
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-20 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"juwiveboni"=C:\WINDOWS\system32\visoboja.dll []
"CPMcfa5dd51"=c:\windows\system32\govuyoni.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-12 67128]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup
RollerCoaster Tycoon 3 Registration.lnk - C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough"
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\DOM\Xm.exe"="C:\DOM\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager"
"C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe:*:Disabled:BF1942"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe"="C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles "
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe"="C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:wkcalrem"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vomuganu.dll
2009-01-02 14:29:47 ----A---- C:\WINDOWS\PSEXESVC.EXE
2009-01-02 14:23:55 ----D---- C:\ComboFix
2009-01-02 14:23:54 ----A---- C:\WINDOWS\system32\CF32563.exe
2009-01-02 14:02:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-02 14:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-02 14:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-02 14:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-02 13:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-02 13:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-02 13:25:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-02 13:25:56 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-02 13:25:56 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-02 13:25:56 ----A---- C:\WINDOWS\system32\java.exe
2009-01-02 13:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-02 13:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-02 12:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-02 12:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-02 12:34:49 ----SHD---- C:\RECYCLER
2009-01-02 12:16:46 ----D---- C:\rsit
2009-01-02 11:46:23 ----D---- C:\WINDOWS\temp
2009-01-02 11:25:40 ----A---- C:\Boot.bak
2009-01-02 11:25:31 ----RASHD---- C:\cmdcons
2009-01-02 11:20:10 ----A---- C:\WINDOWS\zip.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\VFIND.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWSC.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWREG.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\sed.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\grep.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\fdsv.exe
2009-01-02 11:20:01 ----D---- C:\WINDOWS\ERDNT
2009-01-02 11:20:01 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-01-02 14:33:17 ----D---- C:\WINDOWS
2009-01-02 14:33:17 ----A---- C:\WINDOWS\system.ini
2009-01-02 14:32:47 ----D---- C:\WINDOWS\system32
2009-01-02 14:32:13 ----A---- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
2009-01-02 14:31:24 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 14:27:34 ----D---- C:\Program Files\Common Files
2009-01-02 14:27:33 ----D---- C:\WINDOWS\AppPatch
2009-01-02 14:24:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 14:02:20 ----HD---- C:\WINDOWS\inf
2009-01-02 14:02:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-02 14:02:07 ----A---- C:\WINDOWS\imsins.BAK
2009-01-02 14:01:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 13:32:02 ----D---- C:\Config.Msi
2009-01-02 13:32:01 ----SHD---- C:\WINDOWS\Installer
2009-01-02 13:31:38 ----A---- C:\WINDOWS\win.ini
2009-01-02 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-02 13:24:57 ----D---- C:\Program Files\Java
2009-01-02 13:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-02 13:15:33 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2009-01-02 13:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic
2009-01-02 12:57:33 ----D---- C:\WINDOWS\WinSxS
2009-01-02 12:41:01 ----D---- C:\Program Files
2009-01-02 11:50:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 11:39:11 ----D---- C:\WINDOWS\Help
2009-01-02 11:33:44 ----D---- C:\WINDOWS\system32\config
2009-01-02 11:29:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 11:25:40 ----RASH---- C:\boot.ini
2009-01-02 11:04:39 ----D---- C:\WINDOWS\Prefetch
2009-01-01 20:42:08 ----D---- C:\Documents and Settings\Michael Lombardo\Application Data\FrostWire
2008-12-29 11:34:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-27 12:34:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-14 19:48:41 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2008-12-14 19:11:01 ----A---- C:\WINDOWS\CoD.INI
2008-12-13 23:05:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-13 22:53:40 ----D---- C:\Documents and Settings
2008-12-13 21:35:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-12 09:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-07-03 55216]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-07-03 22713]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2001-09-04 233344]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-05-14 10368]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2001-09-04 78454]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2001-09-10 205824]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-09-19 8552]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-01 3712]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2001-09-04 19702]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 Winachcf;Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [2001-08-13 737973]
S3 catchme;catchme; \??\C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2001-09-04 17990]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2004-12-26 7424]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-04-19 28352]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-14 611664]
R2 AntiVirScheduler;AntiVir Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-11 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-02 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-30 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-20 202512]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


ComboFix 09-01-01.02 - Michael Lombardo 2009-01-02 14:24:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.240 [GMT -8:00]
Running from: C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\apadumeh.ini
c:\windows\system32\govuyoni.dll
C:\WINDOWS\system32\hemudapa.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-02 13:25 . 2009-01-02 13:25 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
2009-01-02 12:54 . 2008-10-24 03:21 455,296 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2009-01-02 12:52 . 2008-09-04 09:15 1,106,944 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2009-01-02 12:16 . 2009-01-02 12:17 <DIR> d-------- C:\rsit
2008-12-16 16:24 . 2008-12-16 16:24 <DIR> d-------- C:\Documents and Settings\Tyler Lombardo\Application Data\CyberLink
2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- C:\Documents and Settings\Tyler Lombardo\.thumbnails
2008-12-08 15:34 . 2008-12-28 18:31 <DIR> d-------- C:\Documents and Settings\Tyler Lombardo\.gimp-2.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 21:24 --------- d-----w C:\Program Files\Java
2009-01-02 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-02 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic
2009-01-02 19:50 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 04:42 --------- d-----w C:\Documents and Settings\Michael Lombardo\Application Data\FrostWire
2008-12-29 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-15 03:48 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-12-14 05:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-12-04 03:52 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-04 03:52 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-11-27 17:33 --------- d-----w C:\Documents and Settings\Tyler Lombardo\Application Data\Apple Computer
2008-11-22 18:28 --------- d-----w C:\Program Files\iTunes
2008-11-22 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 18:27 --------- d-----w C:\Program Files\iPod
2008-11-22 18:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-11-22 18:24 --------- d-----w C:\Program Files\QuickTime
2008-11-22 18:01 --------- d-----w C:\Program Files\Safari
2008-11-21 01:23 138,952 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-11-12 07:10 --------- d-----w C:\Program Files\Google
2008-11-08 09:15 --------- d-----w C:\Program Files\FrostWire
2008-11-07 22:23 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-11-06 04:45 61,224 ----a-w C:\Documents and Settings\Michael Lombardo\GoToAssistDownloadHelper.exe
2008-11-05 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\qdudshcf
2008-11-04 22:52 --------- d-----w C:\Documents and Settings\Tyler Lombardo\Application Data\Viewpoint
2005-11-02 07:45 36 ----a-w C:\Documents and Settings\Michael Lombardo\klextlock.dat
1601-01-01 00:12 83,968 --sha-w C:\WINDOWS\system32\vomuganu.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_11.43.57.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2009-01-02 20:57:35 32,768 ----a-r C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-15 00:04:09 20,240 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-02 21:24:03 20,240 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-15 00:04:09 217,864 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-02 21:24:03 217,864 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-15 00:04:09 18,704 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-02 21:24:03 18,704 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-15 00:04:09 35,088 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-02 21:24:03 35,088 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-15 00:04:09 845,584 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-02 21:24:03 845,584 ----a-r C:\WINDOWS\Installer\{91120000-001A-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-09 21:38:24 12,288 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-02 21:01:05 12,288 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-09 21:38:24 135,168 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-02 21:01:06 135,168 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-09 21:38:24 11,264 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-02 21:01:06 11,264 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-09 21:38:24 27,136 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-02 21:01:06 27,136 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-09 21:38:24 4,096 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-02 21:01:06 4,096 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-09 21:38:24 61,440 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-02 21:01:05 61,440 ----a-r C:\WINDOWS\Installer\{91190409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-15 00:02:21 593,920 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-02 21:31:44 593,920 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-15 00:02:21 12,288 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-02 21:31:44 12,288 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-15 00:02:22 86,016 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-02 21:31:45 86,016 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-15 00:02:21 135,168 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-02 21:31:43 135,168 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-15 00:02:22 11,264 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-02 21:31:45 11,264 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-15 00:02:22 27,136 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-02 21:31:45 27,136 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-15 00:02:22 4,096 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-02 21:31:45 4,096 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-15 00:02:22 794,624 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-02 21:31:45 794,624 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-15 00:02:21 249,856 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-02 21:31:44 249,856 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-15 00:02:21 61,440 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-02 21:31:44 61,440 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-15 00:02:22 23,040 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-02 21:31:45 23,040 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-15 00:02:20 286,720 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-02 21:31:43 286,720 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-15 00:02:20 409,600 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-02 21:31:43 409,600 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-19 05:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-10-16 22:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
- 2009-01-02 19:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 19:35:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 19:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 19:35:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-02 19:02:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 20:03:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-19 05:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-10-16 22:09:44 92,696 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-10-23 12:36:14 286,720 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2006-10-19 03:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2008-06-18 09:09:22 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2008-08-20 05:30:53 3,067,904 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-14 00:12:01 1,306,624 -c----w C:\WINDOWS\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w C:\WINDOWS\system32\dllcache\msxml6.dll
- 2008-08-20 05:30:51 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-04-14 00:12:07 246,814 -c----w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c----w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2008-08-20 05:30:52 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-10-16 01:00:11 619,520 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-08-20 05:30:51 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-10-16 01:00:11 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-19 04:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 -c--a-w C:\WINDOWS\system32\dllcache\WMNetmgr.dll
- 2006-10-19 04:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 -c--a-w C:\WINDOWS\system32\dllcache\WMVCore.dll
- 2008-07-19 05:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-10-16 22:12:20 561,688 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2008-07-19 05:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2008-07-19 05:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-10-16 22:12:22 323,608 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2008-07-19 05:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2008-07-19 05:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-10-16 22:13:40 202,776 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2008-04-13 19:17:01 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2008-04-14 00:11:54 285,184 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2009-01-02 21:25:16 144,792 ----a-w C:\WINDOWS\system32\java.exe
- 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2009-01-02 21:25:17 144,792 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2009-01-02 21:25:17 148,888 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-10-19 03:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2008-06-18 09:09:22 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-08-20 05:30:53 3,067,904 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2007-05-08 23:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2008-10-01 00:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w C:\WINDOWS\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w C:\WINDOWS\system32\msxml6.dll
- 2008-07-19 05:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-10-16 22:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2008-07-19 05:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-10-16 22:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
- 2008-08-20 05:30:51 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-10-16 22:08:58 34,328 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 22:09:44 43,544 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-07-27 17:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-08-20 05:30:52 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-08-20 05:30:51 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-10-16 01:00:11 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-19 04:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 ----a-w C:\WINDOWS\system32\WMNetmgr.dll
- 2006-10-19 04:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 ----a-w C:\WINDOWS\system32\WMVCore.dll
- 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-10-16 22:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2008-07-19 05:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2008-07-19 05:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-10-16 22:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-10-16 22:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
- 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-10-16 22:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
- 2008-07-19 05:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-10-16 22:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2009-01-02 22:32:11 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4b4.dat
+ 2008-10-01 00:42:08 1,286,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-10-01 00:45:12 91,656 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 19:18 67128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 11:16 1833296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 16:12 15360]
"Uniblue RegistryBooster 2009"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 14:31 655360]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 12:00 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 12:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 12:00 28739]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 17:07 7110656]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-19 13:04 26112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-02 13:25 136600]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 13:28 266497]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 17:07 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
"juwiveboni"="C:\WINDOWS\system32\visoboja.dll" [BU]
"CPMcfa5dd51"="c:\windows\system32\govuyoni.dll" [BU]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 02:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 02:12 76304 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\DOM\\Xm.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942 Singleplayer Demo\\BF1942.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Anarchy\\AgeOfCastles\\Age-of-Castles.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AntiVir PersonalEdition Classic\\guardgui.exe"=
"C:\\WINDOWS\\system32\\userinit.exe"=
"C:\\Program Files\\AntiVir PersonalEdition Classic\\sched.exe"=
"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkCalRem.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2006-01-30 22:11:43 22336]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-01-30 22:11:43 45376]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-21 20:16:37 3712]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-15 18:12:09 33752]
S3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2004-12-27 00:35:26 7424]
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - (no file)
BHO-{33BF5F4E-5758-40D9-927F-9DD476CA9635} - (no file)
BHO-{914420b2-7455-4722-b1e1-d206e32cb176} - (no file)
Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
IE: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.


Let's see what happens now. I did disable the Spybot last time, but every time the computer reboots it turns back on. Sorry.

#7 Jat90

Posted 03 January 2009 - 02:53 PM

I did disable the Spybot last time, but every time the computer reboots it turns back on. Sorry.

It's fine. I have included a more detailed method below; this will prevent it starting at reboot (enable it when I say you're clean, though).

ComboFix was designed to be used under the instructions of a helper. This tool was not created for general use. Using this tool unsupervised can have disastrous consequences for your computer and, in some cases, prevent it from ever starting up again. Please wait for instructions in future :thumbsup:

P2P Warning

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and thus I suggest you uninstall these programs via Add/Remove Programs in the Control Panel.

Java Update

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Disable Teatimer

I see you're running TeaTimer. Although this service is great to have, it has a tendency to interfere with some of the tools we use. Therefore we must disable it using the steps below:
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)
CFScript

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\visoboja.dll
c:\windows\system32\govuyoni.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"juwiveboni"=-
"CPMcfa5dd51"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33BF5F4E-5758-40D9-927F-9DD476CA9635}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33BF5F4E-5758-40D9-927F-9DD476CA9635}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176}]


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

RSIT

Please find and delete the RSIT.exe you have, and download it again. (so both logs are produced)

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.


In your next reply, please post:
  • ComboFix log
  • RSIT logs
  • How is your pc running now?

Edited by Jat90, 03 January 2009 - 03:02 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

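As an added example (not code from this thread or from ComboFix itself), here is a small Python parser that reads a CFScript like the one above and lists every deletion it requests, so a helper can double-check the targets before dragging the file onto ComboFix. It assumes the .reg-style conventions visible in the script: a line ending in `::` opens a section, `[-KEY]` deletes a whole key, and `"name"=-` deletes a value under the most recent `[KEY]`; the sample input is the script posted in this thread.

```python
"""Parse a ComboFix CFScript and list what it would delete (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field


@dataclass
class CFScript:
    files: list = field(default_factory=list)          # File:: paths to delete
    delete_keys: list = field(default_factory=list)    # Registry:: [-KEY] whole keys
    delete_values: list = field(default_factory=list)  # Registry:: (KEY, name) values
    other: dict = field(default_factory=dict)          # sections this parser does not interpret


_VALUE_DELETE = re.compile(r'^"(?P<name>[^"]+)"=-$')


def parse_cfscript(text):
    """Turn CFScript text into a CFScript object, following .reg-style conventions (assumed)."""
    script = CFScript()
    section = None      # lower-cased name of the current 'Name::' section
    current_key = None  # most recent [KEY] inside Registry::
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: content before any section header: {line}")
        if section == "file":
            script.files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                script.delete_keys.append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = _VALUE_DELETE.match(line)
                if m is None:
                    raise ValueError(f"line {lineno}: unrecognised Registry:: line: {line}")
                if current_key is None:
                    raise ValueError(f"line {lineno}: value deletion outside any [KEY]: {line}")
                script.delete_values.append((current_key, m.group("name")))
        else:
            script.other.setdefault(section, []).append(line)
    return script


def dedupe(items):
    """Drop exact repeats while keeping first-seen order (paths compared case-insensitively)."""
    seen, out = set(), []
    for item in items:
        key = tuple(s.lower() for s in item) if isinstance(item, tuple) else item.lower()
        if key not in seen:
            seen.add(key)
            out.append(item)
    return out


def summarize(script):
    """Human-readable list of every deletion the script requests, duplicates collapsed."""
    lines = []
    for path in dedupe(script.files):
        lines.append(f"delete file:  {path}")
    for key in dedupe(script.delete_keys):
        lines.append(f"delete key:   {key}")
    for key, name in dedupe(script.delete_values):
        lines.append(f"delete value: {key} -> {name}")
    return lines


# Sample input: the CFScript posted in this thread (the three BHO keys are listed twice in it).
SAMPLE = r"""
File::
C:\WINDOWS\system32\visoboja.dll
c:\windows\system32\govuyoni.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"juwiveboni"=-
"CPMcfa5dd51"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33BF5F4E-5758-40D9-927F-9DD476CA9635}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33BF5F4E-5758-40D9-927F-9DD476CA9635}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914420b2-7455-4722-b1e1-d206e32cb176}]
"""

if __name__ == "__main__":
    for entry in summarize(parse_cfscript(SAMPLE)):
        print(entry)
```

Running it on the thread's script prints two file deletions, three distinct BHO key deletions and two value deletions under the HKLM Run key, which is exactly what a reviewer should expect to see removed.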

#8 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts

Posted 04 January 2009 - 01:37 AM

ComboFix 09-01-02.01 - Michael Lombardo 2009-01-03 22:22:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.274 [GMT -8:00]
Running from: c:\documents and settings\Michael Lombardo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael Lombardo\Desktop\CFScript.txt
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\govuyoni.dll
c:\windows\system32\visoboja.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
.
---- Previous Run -------
.
c:\windows\system32\apadumeh.ini
c:\windows\system32\govuyoni.dll
c:\windows\system32\hemudapa.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 22:03 . 2009-01-03 22:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-03 00:27 . 2009-01-03 00:27 215,848 --a------ c:\windows\system32\rn.tmp
2009-01-02 13:25 . 2009-01-03 22:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 12:54 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-02 12:52 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-02 12:16 . 2009-01-02 12:17 <DIR> d-------- C:\rsit
2008-12-16 16:24 . 2008-12-16 16:24 <DIR> d-------- c:\documents and settings\Tyler Lombardo\Application Data\CyberLink
2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- c:\documents and settings\Tyler Lombardo\.thumbnails
2008-12-08 15:34 . 2008-12-28 18:31 <DIR> d-------- c:\documents and settings\Tyler Lombardo\.gimp-2.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 05:56 --------- d-----w c:\program files\Java
2009-01-04 05:47 --------- d-----w c:\program files\FrostWire
2009-01-02 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-02 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition classic
2009-01-02 19:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-02 04:42 --------- d-----w c:\documents and settings\Michael Lombardo\Application Data\FrostWire
2008-12-29 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-27 20:34 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-15 03:48 --------- d-----w c:\program files\Call of Duty Game of the Year Edition
2008-12-14 05:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 03:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 03:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-27 17:33 --------- d-----w c:\documents and settings\Tyler Lombardo\Application Data\Apple Computer
2008-11-22 18:28 --------- d-----w c:\program files\iTunes
2008-11-22 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 18:27 --------- d-----w c:\program files\iPod
2008-11-22 18:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 18:24 --------- d-----w c:\program files\QuickTime
2008-11-22 18:01 --------- d-----w c:\program files\Safari
2008-11-21 01:23 138,952 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 01:22 202,512 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-12 07:10 --------- d-----w c:\program files\Google
2008-11-07 22:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-11-06 04:45 61,224 ----a-w c:\documents and settings\Michael Lombardo\GoToAssistDownloadHelper.exe
2008-11-05 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\qdudshcf
2008-11-04 22:52 --------- d-----w c:\documents and settings\Tyler Lombardo\Application Data\Viewpoint
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2005-11-02 07:45 36 ----a-w c:\documents and settings\Michael Lombardo\klextlock.dat
1601-01-01 00:12 83,968 --sha-w c:\windows\system32\vomuganu.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-02_14.40.10.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 21:25:16 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-01-04 06:02:52 144,792 ----a-w c:\windows\system32\java.exe
- 2009-01-02 21:25:17 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-04 06:02:52 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-01-02 21:25:17 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-04 06:02:52 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-04 06:04:01 16,384 ----atw c:\windows\temp\Perflib_Perfdata_adc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-19 26112]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\DOM\\Xm.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942 Singleplayer Demo\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Anarchy\\AgeOfCastles\\Age-of-Castles.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\guardgui.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkCalRem.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-01-30 22336]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-01-30 45376]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-06-21 3712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-15 33752]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2004-12-27 7424]
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:27:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 22:30:11
ComboFix-quarantined-files.txt 2009-01-04 06:29:09
ComboFix2.txt 2009-01-02 19:46:19

Pre-Run: 28,191,301,632 bytes free
Post-Run: 28,181,004,288 bytes free

202 --- E O F --- 2009-01-02 22:06:00


Logfile of random's system information tool 1.05 (written by random/random)
Run by Michael Lombardo at 2009-01-03 22:30:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 511 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:13 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael Lombardo\Desktop\RSIT.exe
C:\Documents and Settings\Michael Lombardo\Desktop\Michael Lombardo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967445578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967416390
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11025 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2001-09-04 655360]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-09-19 26112]
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-20 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-12 67128]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup
RollerCoaster Tycoon 3 Registration.lnk - C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough"
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe"="C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\DOM\Xm.exe"="C:\DOM\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager"
"C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe:*:Disabled:BF1942"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe"="C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles "
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe"="C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:wkcalrem"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vomuganu.dll
2009-01-03 22:30:13 ----A---- C:\ComboFix.txt
2009-01-03 22:03:52 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-03 22:03:52 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-03 22:03:51 ----A---- C:\WINDOWS\system32\java.exe
2009-01-03 00:27:29 ----A---- C:\WINDOWS\system32\rn.tmp
2009-01-02 14:02:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-02 14:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-02 14:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-02 14:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-02 13:32:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-02 13:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-02 13:25:57 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-02 13:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-02 13:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-02 12:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-02 12:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-02 12:16:46 ----D---- C:\rsit
2009-01-02 11:46:23 ----D---- C:\WINDOWS\temp
2009-01-02 11:25:40 ----A---- C:\Boot.bak
2009-01-02 11:25:31 ----RASHD---- C:\cmdcons
2009-01-02 11:20:10 ----A---- C:\WINDOWS\zip.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\VFIND.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWSC.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\SWREG.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\sed.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\grep.exe
2009-01-02 11:20:10 ----A---- C:\WINDOWS\fdsv.exe
2009-01-02 11:20:01 ----D---- C:\WINDOWS\ERDNT
2009-01-02 11:20:01 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-01-03 22:30:18 ----D---- C:\WINDOWS\system32
2009-01-03 22:30:16 ----D---- C:\WINDOWS
2009-01-03 22:27:36 ----A---- C:\WINDOWS\system.ini
2009-01-03 22:25:05 ----D---- C:\WINDOWS\system32\drivers
2009-01-03 22:25:02 ----D---- C:\WINDOWS\AppPatch
2009-01-03 22:25:02 ----D---- C:\Program Files\Common Files
2009-01-03 22:22:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-03 22:04:11 ----SHD---- C:\WINDOWS\Installer
2009-01-03 22:04:10 ----D---- C:\Config.Msi
2009-01-03 22:00:26 ----A---- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
2009-01-03 21:56:16 ----D---- C:\Program Files\Java
2009-01-03 21:47:40 ----D---- C:\Program Files\FrostWire
2009-01-03 00:23:17 ----D---- C:\WINDOWS\Registration
2009-01-02 21:45:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 14:02:20 ----HD---- C:\WINDOWS\inf
2009-01-02 14:02:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-02 14:02:07 ----A---- C:\WINDOWS\imsins.BAK
2009-01-02 13:31:38 ----A---- C:\WINDOWS\win.ini
2009-01-02 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-02 13:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-02 13:15:33 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2009-01-02 13:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition classic
2009-01-02 12:57:33 ----D---- C:\WINDOWS\WinSxS
2009-01-02 12:41:01 ----D---- C:\Program Files
2009-01-02 11:50:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 11:39:11 ----D---- C:\WINDOWS\Help
2009-01-02 11:33:44 ----D---- C:\WINDOWS\system32\config
2009-01-02 11:29:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 11:25:40 ----RASH---- C:\boot.ini
2009-01-02 11:04:39 ----D---- C:\WINDOWS\Prefetch
2009-01-01 20:42:08 ----D---- C:\Documents and Settings\Michael Lombardo\Application Data\FrostWire
2008-12-29 11:34:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-27 12:34:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-14 19:48:41 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2008-12-14 19:11:01 ----A---- C:\WINDOWS\CoD.INI
2008-12-13 23:05:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-13 22:53:40 ----D---- C:\Documents and Settings
2008-12-13 21:35:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-12 09:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-07-03 55216]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-07-03 22713]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2001-09-04 233344]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-05-14 10368]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2001-09-04 78454]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2001-09-10 205824]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-09-19 8552]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-01 3712]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2001-09-04 19702]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 Winachcf;Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [2001-08-13 737973]
R4 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2001-09-04 17990]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2004-12-26 7424]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-04-19 28352]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-14 611664]
R2 AntiVirScheduler;AntiVir Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-11 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-30 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-20 202512]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:13 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael Lombardo\Desktop\RSIT.exe
C:\Documents and Settings\Michael Lombardo\Desktop\Michael Lombardo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967445578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195967416390
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11025 bytes


Thank you very much. I hope I am doing everything you ask. It seems to be running OK; I keep getting a prompt at startup stating that it can't find 2 objects, which I think were bad to begin with.

#9 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 04 January 2009 - 08:17 AM

Hello,

I keep getting a prompt at startup stating that it can't find 2 objects, which I think were bad to begin with.

Could you specify which two objects it cannot find?

CFScript

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\vomuganu.dll
C:\WINDOWS\system32\rn.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

ATF Cleaner

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

MBAM - Full Scan
  • Launch Malwarebytes' Anti-Malware
  • Click the tab that says "Update". Choose the mirror Malwarebytes.org and then press Check for Updates. You will be notified of an update.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
Go back to the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

OTViewIt

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your next reply, please post:
  • ComboFix log
  • MBAM log
  • OTViewIt log

Edited by Jat90, 04 January 2009 - 08:22 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

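As an added triage example (my own code, not Jat90's, bidi00's, or anything shipped with RSIT or ComboFix), the script below parses the RSIT "files/folders created" section in the format quoted earlier in this thread, flags the kind of entries the helper singled out (the vomuganu.dll line with its impossible timestamp and hidden+system attributes, and the rn.tmp left in system32), and emits them as the CFScript `File::` block used above. The line layout, attribute letters and `File::` directive are taken from the thread; the flagging rules are assumed heuristics of mine, not ComboFix behaviour, and the sample log is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in the format of the RSIT "files created" section posted in
# this thread; it includes the two entries the helper later put into CFScript.
SAMPLE_LOG = """\
======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\\WINDOWS\\system32\\vomuganu.dll
2009-01-03 22:30:13 ----A---- C:\\ComboFix.txt
2009-01-03 22:03:52 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-01-03 00:27:29 ----A---- C:\\WINDOWS\\system32\\rn.tmp
2009-01-02 13:25:57 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-01-02 11:25:31 ----RASHD---- C:\\cmdcons
2009-01-02 11:20:01 ----D---- C:\\Qoobox

======List of files/folders modified in the last 1 months======
"""

# One RSIT entry: "<date> <time> ----<attribute letters>---- <path>"
LINE_RE = re.compile(r"^(\S+ \S+) ----([A-Z]*)---- (.+)$")
SYSTEM32 = "c:\\windows\\system32\\"
EXECUTABLE_EXT = (".dll", ".exe", ".sys")


@dataclass
class Entry:
    stamp: str                 # timestamp text exactly as logged
    when: Optional[datetime]   # parsed timestamp, None if it is not a real date
    attrs: str                 # attribute letters (A, S, H, D, C, R)
    path: str


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def parse_created_section(log_text: str) -> List[Entry]:
    """Return the entries of the 'files/folders created' section only."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======"):
            in_section = "files/folders created" in line
            continue
        if not in_section or not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, attrs, path = m.groups()
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            when = None  # e.g. "65535-65535-31889 379:31889:443" is not a date
        entries.append(Entry(stamp, when, attrs, path))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Assumed heuristics (mine, not ComboFix's): pick out the entries a helper
    would want to look at before writing a CFScript."""
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        # directly inside system32, not in a subfolder such as drivers\
        in_sys32 = low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]
        if e.when is None:
            reasons.append("timestamp is not a valid date (time-stomped or corrupt entry)")
        if in_sys32 and low.endswith(EXECUTABLE_EXT) and {"H", "S"} <= set(e.attrs):
            reasons.append("hidden+system executable dropped directly in system32")
        if in_sys32 and low.endswith(".tmp"):
            reasons.append("temp file left in system32 (typical dropper residue)")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render the flagged paths as the CFScript 'File::' block used in this thread."""
    return "\n".join(["File::"] + [f.entry.path for f in findings]) + "\n"


if __name__ == "__main__":
    flagged = triage(parse_created_section(SAMPLE_LOG))
    for f in flagged:
        print(f"{f.entry.path}  [{f.entry.attrs}]  {f.entry.stamp}")
        for r in f.reasons:
            print("    -", r)
    print()
    print(build_cfscript(flagged), end="")
```

The flagged list is a starting point for a human helper to review against the full log, not something to feed to ComboFix unread.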

#10 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 05 January 2009 - 01:32 AM

Actually, the 2 missing files seem to have been found; I haven't seen the errors again. Maybe since I turned off Spybot TeaTimer? I'll check after you allow me to turn it back on. Here are the logs.

OTViewIt logfile created on: 1/4/2009 10:28:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 181.50 Mb Available Physical Memory | 35.52% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.25 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2001/09/04 14:31:50 | 00,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/01/12 02:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2009/01/03 22:02:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
[2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/04 20:58:48 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lombardo\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 04:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
[2004/09/19 13:04:33 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/05/09 12:15:51 | 00,045,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd [System | Running])
[2008/01/21 17:11:28 | 00,022,336 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr [Boot | Running])
[2008/06/27 14:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2004/07/03 20:37:27 | 00,055,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2004/07/03 20:37:27 | 00,022,713 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/09/04 15:37:08 | 00,233,344 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 04:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102 [On_Demand | Running])
[2001/09/04 14:39:50 | 00,017,990 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 05:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/02/29 02:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2006/06/01 14:46:42 | 00,003,712 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2006/05/10 08:56:54 | 00,027,264 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2006/05/10 08:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2006/05/10 08:56:50 | 00,071,680 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2008/02/29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt [On_Demand | Running])
[2001/09/04 14:39:40 | 00,019,702 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2005/07/20 17:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/05/14 17:15:40 | 00,010,368 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2004/12/26 23:35:26 | 00,007,424 | ---- | M] (JuneFabrics) -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm [On_Demand | Stopped])
[2008/11/20 17:23:08 | 00,138,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
[2004/06/03 00:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Stopped])
[2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2001/09/04 14:39:28 | 00,078,454 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K [System | Running])
[2001/08/18 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/04/19 18:33:57 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [On_Demand | Stopped])
[2001/09/10 09:43:46 | 00,205,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2001/08/13 16:17:34 | 00,737,973 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf [On_Demand | Running])
[2001/08/18 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"Provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=
"Provider"=gogl

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/05/06 19:16:44 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
[2000/01/21 00:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
File not found -- C:\Documents and Settings\Tyler Lombardo\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Define: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Look Up in &Encyclopedia: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Define: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Look Up in &Encyclopedia: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2FDEF853-0759-11D4-A92E-006097DBED37}: Button: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{2FDEF853-0759-11D4-A92E-006097DBED37}: Menu: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Button: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Menu: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
50 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000161-0000-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaudio.cab -- Reg Error: Key does not exist or could not be opened.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1195967445578 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1195967416390 -- MUWebControl Class
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}: http://launch.gamespyarcade.com/software/launch/alaunch.cab -- GSDACtl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab -- HouseCall Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...8172.4487962963 -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{70445B36-C9CA-4541-8F2D-35F805CBD459} (Servers: | Description: Windows Mobile-based Internet Sharing Device)
{7A2068E2-2C45-41B2-83DB-D19EB34B3FE7} (Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter)
{7B2D7546-016D-43C7-93BD-4CE8DDD965C2} (Servers: | Description: Windows Mobile-based Internet Sharing Device)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AutoRun []
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=TSBin\SimsLS.exe | Name=The Sims Life Stories | | [Special] | Disk=1 | ProductGuiID={DA932D71-E52A-43D5-009E-395A1AEC1474} | | ]
[2007/01/13 19:13:20 | 00,000,156 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2007/01/13 13:30:07 | 00,585,728 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2009/01/04 21:11:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/04 20:58:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael Lombardo\Desktop\OTViewIt.exe
[2009/01/03 21:45:19 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Michael Lombardo\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/02 14:02:24 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/02 12:54:10 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/01/02 12:52:55 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/01/02 12:16:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/02 11:46:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/01/02 11:25:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/02 11:25:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/02 11:25:31 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/02 11:20:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 11:20:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/02 11:20:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/02 11:20:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/02 11:20:10 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/02 11:20:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/02 11:20:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 11:20:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/02 11:20:10 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 11:16:15 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2008/12/16 21:44:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/13 21:29:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lombardo\Desktop\backups

========== Files - Modified Within 30 Days ==========

[14 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/01/04 22:26:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/04 22:25:13 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2009/01/04 22:24:59 | 00,028,707 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/04 22:24:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/04 22:24:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/04 21:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/04 20:58:48 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lombardo\Desktop\OTViewIt.exe
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 22:20:48 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2009/01/03 21:45:19 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Michael Lombardo\Desktop\jre-6u11-windows-i586-p.exe
[2009/01/02 14:32:01 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/02 14:02:07 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/02 13:31:38 | 00,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/02 12:05:33 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rozemeho
[2009/01/02 11:25:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/27 12:34:50 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/16 21:44:24 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/14 19:11:01 | 00,000,766 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTViewIt Extras logfile created on: 1/4/2009 10:28:49 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 181.50 Mb Available Physical Memory | 35.52% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.25 Gb Free Space | 35.22% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/12/01 21:46:40 | 02,581,176 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough
[2003/03/20 14:10:04 | 01,658,880 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 16:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2004/11/18 21:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP
[2002/03/07 15:59:32 | 02,531,925 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™
[2002/02/27 18:50:00 | 00,417,792 | ---- | M] (Pocket Soft, Inc.) -- C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd
[2004/07/19 15:26:04 | 01,622,016 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray
[2004/07/19 15:26:56 | 01,216,512 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup
[2004/07/19 15:27:18 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2005/10/31 07:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2005/01/26 12:17:34 | 00,241,664 | ---- | M] (Mary Kay Inc.) -- C:\DOM\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager
[2002/06/17 20:01:30 | 08,859,648 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe:*:Disabled:BF1942
[2008/04/13 16:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2002/12/10 09:03:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
[2000/07/28 13:33:14 | 02,555,949 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II
[2001/06/15 13:37:34 | 02,699,309 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/11/18 22:18:32 | 08,779,265 | ---- | M] () -- C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles
[2006/05/18 16:44:46 | 07,558,590 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/08/07 08:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
[2006/03/30 19:39:52 | 01,974,272 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
[2008/04/13 16:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/11/04 09:27:38 | 11,599,872 | ---- | M] (Mad Doc Software) -- C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/12 13:43:30 | 00,053,505 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI
[2008/04/13 16:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:wkcalrem

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/12 19:18:51 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/06/27 02:51:06 | 00,212,992 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}"=Microsoft Encarta Encyclopedia Standard 2001
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2: Deluxe Edition
"{0B53B71D-9E2F-42B8-9123-96354872D166}"=EPSON Photo Print
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}"=Medal of Honor Allied Assault
"{0E0131B2-CF18-40D9-A331-60A3746C1204}"=EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}"=EPSON CardMonitor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{15D9EB74-998E-4A04-B468-51C2E7B32182}"=Microsoft Picture It! Publishing 2001
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}"=Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}"=Backup Dell-Installed Programs
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{34F85A4D-03CC-428A-80A4-880228646518}"=Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3571656A-575D-4CED-809D-5547587121FF}"=Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}"=GuitarVision
"{3D719053-5593-11D3-8F25-0060085C1758}"=Microsoft Streets and Trips 2001
"{5ED20FB0-678F-41EE-9211-DC9C670FD193}"=Battlefield 1942 Multiplayer Demo
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}"=Microsoft Works Suite Add-in for Microsoft Word
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}"=ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}"=EPSON Smart Panel
"{706D5382-7381-4680-9DD0-161832578252}"=DellTouch
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}"=RollerCoaster Tycoon 2
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"=Medal of Honor Allied Assault™ Spearhead
"{7A837109-E671-470D-B489-F1EBE471D220}"=Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"=Medal of Honor Allied Assault™ Breakthrough
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}"=Microsoft Broadband Networking
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}"=RollerCoaster Tycoon® 3
"{91120000-001A-0000-0000-0000000FF1CE}"=Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91190409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Publisher 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.8
"{AE704636-ECD0-426C-952E-05B8DABD1949}"=EPSON PhotoStarter3.2
"{B1AD83A0-DC92-41E3-B111-E9472349768C}"=RollerCoaster Tycoon 2: Wacky Worlds
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}"=Tiger Woods PGA TOUR 07
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}"=EPSON Copy Utility
"{B6D7A630-9136-490E-B190-D0E71813BCAE}"=Battlefield 1942 Singleplayer Demo
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}"=RollerCoaster Tycoon 2: Time Twister
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}"=Works Synchronization
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}"=Medal of Honor Allied Assault™ Spearhead
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}"=Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}"=Microsoft Money 2001
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}"=ABBYY FineReader 5.0 Sprint Plus
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DA932D71-E52A-43D5-009E-395A1AEC1474}"=The Sims™ Life Stories
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}"=TES Construction Set
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}"=Empire Earth II
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}"=Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"{E4A0225B-A975-416C-8CF7-C1C025FD32D6}"=YP-U1
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}"=RCT3 Soaked
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F596C356-BF35-4ED7-981C-CC791461A8F0}"=Empire Earth II: The Art of Supremacy
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}"=Microsoft Works 6.0
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}"=Works Suite OS Pack
"{FE6EFF4B-3201-4C83-B12A-8192878B8047}"=DOM
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2007
"Action Replay Code Manager_is1"=Action Replay Code Manager
"Adobe AIR"=Adobe AIR
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"AgeOfCastles"=AgeOfCastles
"Anewsoft MP3 Recorder_is1"=Anewsoft MP3 Recorder 2.0
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"EPSON Printer and Utilities"=EPSON Printer Software
"FoneSync"=FoneSync
"GameSpy Arcade"=GameSpy Arcade
"GameSpy Software"=GameSpy Software
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"IrfanView"=IrfanView (remove only)
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver"=NVIDIA Display Driver
"NVIDIA Drivers"=NVIDIA Drivers
"OUTLOOKR"=Microsoft Office Outlook 2007 Trial
"RealPlayer 6.0"=RealPlayer Basic
"Silent Package Run-Time Sample"=EPSON SPRX600 Reference Guide
"WavePad"=WavePad Uninstall
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAce Archiver"=WinAce Archiver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"Works2001Setup"=Microsoft Works 2001 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 1.0"=Zoo Tycoon: Complete Collection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2008 3:03:03 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2008 11:09:11 PM | Computer Name = HOME | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\Setup\rsrc\demo32.exe for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program DemoShield Runtime Player because
of this error. Program: DemoShield Runtime Player File: E:\Setup\rsrc\demo32.exe The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 5

Error - 12/14/2008 11:09:18 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application demo32.exe, version 6.71.100.1130, faulting module
demo32.exe, version 6.71.100.1130, fault address 0x0002c5ea.

Error - 12/16/2008 8:24:53 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application PowerDVD.exe, version 6.0.0.2128, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2008 6:51:30 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 2:19:49 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/27/2008 2:21:06 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 4:07:42 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:41:39 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:42:35 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

[ System Events ]
Error - 1/4/2009 1:57:53 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 2:00:58 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2


< End of report >


Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/4/2009 10:21:30 PM
mbam-log-2009-01-04 (22-21-30).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 194580
Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 63

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\visoboja.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bowikiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fezahoyu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\govuyoni.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hemudapa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\liseruka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\luravufa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\makezimu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pawovuda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\taruyola.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tomewope.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vomuganu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yizimife.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zarebeba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP635\A0087218.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP635\A0087220.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP635\A0087221.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP637\A0090761.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP638\A0091290.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP647\A0094321.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP647\A0094323.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP647\A0094324.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP647\A0094328.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP647\A0094386.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP657\A0097880.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0099605.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0099609.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0099610.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0102087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100749.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100919.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100921.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0100947.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101011.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101022.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101023.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0101037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0102084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0103103.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0103104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0103105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP663\A0103133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP667\A0104019.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP667\A0104020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP679\A0105484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


ComboFix 09-01-02.01 - Michael Lombardo 2009-01-04 21:02:23.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.257 [GMT -8:00]
Running from: c:\documents and settings\Michael Lombardo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael Lombardo\Desktop\CFScript.txt
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\rn.tmp
c:\windows\system32\vomuganu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rn.tmp
c:\windows\system32\vomuganu.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-03 22:03 . 2009-01-03 22:02 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-02 13:25 . 2009-01-03 22:02 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 12:54 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-02 12:52 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-02 12:16 . 2009-01-02 12:17 <DIR> d-------- C:\rsit
2008-12-16 16:24 . 2008-12-16 16:24 <DIR> d-------- c:\documents and settings\Tyler Lombardo\Application Data\CyberLink
2008-12-08 16:01 . 2008-12-08 16:01 <DIR> d-------- c:\documents and settings\Tyler Lombardo\.thumbnails
2008-12-08 15:34 . 2008-12-28 18:31 <DIR> d-------- c:\documents and settings\Tyler Lombardo\.gimp-2.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition classic
2009-01-04 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 05:56 --------- d-----w c:\program files\Java
2009-01-04 05:47 --------- d-----w c:\program files\FrostWire
2009-01-02 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-02 19:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-02 04:42 --------- d-----w c:\documents and settings\Michael Lombardo\Application Data\FrostWire
2008-12-27 20:34 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-15 03:48 --------- d-----w c:\program files\Call of Duty Game of the Year Edition
2008-12-14 05:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 03:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 03:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-27 17:33 --------- d-----w c:\documents and settings\Tyler Lombardo\Application Data\Apple Computer
2008-11-22 18:28 --------- d-----w c:\program files\iTunes
2008-11-22 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 18:27 --------- d-----w c:\program files\iPod
2008-11-22 18:27 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 18:24 --------- d-----w c:\program files\QuickTime
2008-11-22 18:01 --------- d-----w c:\program files\Safari
2008-11-21 01:23 138,952 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 01:22 202,512 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-12 07:10 --------- d-----w c:\program files\Google
2008-11-07 22:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-11-06 04:45 61,224 ----a-w c:\documents and settings\Michael Lombardo\GoToAssistDownloadHelper.exe
2008-11-05 02:06 --------- d-----w c:\documents and settings\All Users\Application Data\qdudshcf
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2005-11-02 07:45 36 ----a-w c:\documents and settings\Michael Lombardo\klextlock.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-02_14.40.10.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 21:25:16 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-01-04 06:02:52 144,792 ----a-w c:\windows\system32\java.exe
- 2009-01-02 21:25:17 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-04 06:02:52 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-01-02 21:25:17 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-04 06:02:52 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-05 03:21:26 16,384 ----atw c:\windows\temp\Perflib_Perfdata_378.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-12 67128]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-09-19 26112]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\DOM\\Xm.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942 Singleplayer Demo\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Anarchy\\AgeOfCastles\\Age-of-Castles.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\guardgui.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkCalRem.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-01-30 22336]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-01-30 45376]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-06-21 3712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-15 33752]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2004-12-27 7424]
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 21:06:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-04 21:09:40
ComboFix-quarantined-files.txt 2009-01-05 05:08:39
ComboFix2.txt 2009-01-04 06:30:13
ComboFix3.txt 2009-01-02 19:46:19

Pre-Run: 28,157,267,968 bytes free
Post-Run: 28,145,135,616 bytes free

192 --- E O F --- 2009-01-02 22:06:00

4 logs total. Thanks again.

#11 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 05 January 2009 - 08:08 AM

Hello,

Actually the 2 missing files seem to have been found, I haven't seen the errors again. Maybe since I turned off Spybot TeaTimer? I'll check after you allow me to turn it back on. Here are the logs.


Looks like we are about done with the big tools, so you can re-enable it now. :thumbsup:

Also, did you run ATF Cleaner? There is evidence in your logs to suggest that you didn't.

Seems MBAM detected malware activity in your System Volume Information folder, which is created when you create a restore point, so please do the following:

Purge System Restore Points

You should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide. However, do not make a new restore point as yet. You are still infected.

OTMoveIt

We need to execute an OTMoveIt3 script.
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Rescan

Please rescan with OTViewIt.


In your next reply, please post:
  • OTMoveIt log
  • OTViewIt log
  • How is your PC running now?

Edited by Jat90, 05 January 2009 - 08:09 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

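Jat90's point above, that the MBAM hits under System Volume Information are dormant copies sitting in restore points and therefore call for a System Restore purge rather than further live cleanup, is the kind of triage a helper does by eye on a log like the one posted. The following is an added example, not part of the thread and not code from Malwarebytes or any of the tools used here: it parses the "Files Infected" section of an MBAM 1.x log, classifies each detection by where the file lived (restore point, ComboFix's Qoobox quarantine, or the live system) and derives the follow-up actions. The sample lines are copied from the log posted earlier in the thread, except for the final "Delete on reboot." line, which is constructed to show the still-pending case; the regular expressions and field names are this example's own assumptions about the log format.

```python
import re
from collections import Counter

# Constructed sample: the first five lines are copied from the MBAM log posted
# above; the last line is constructed to show a deletion that is still pending.
SAMPLE_LOG = r"""Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\visoboja.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bowikiku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP635\A0087218.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP635\A0087220.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D79451F-FAA8-48E7-8A93-E1AEE1102E25}\RP662\A0099605.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vomuganu.dll (Trojan.Vundo) -> Delete on reboot.
"""

# One MBAM detection line: "<path> (<threat name>) -> <action taken>".
# The non-greedy path lets a parenthesised directory name (e.g. "Program Files (x86)")
# backtrack correctly, because the threat name itself never contains parentheses.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$"
)
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\", re.I
)
# ComboFix keeps what it already removed under C:\Qoobox\Quarantine (renamed *.vir).
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.I)


def classify(path):
    """Return (location, restore_point) for a detected file path.

    A file in a restore point or in another tool's quarantine is dormant; only a
    'live' path means the malware was still in place on the running system.
    """
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", m.group("rp")
    if QUARANTINE_RE.match(path):
        return "combofix_quarantine", None
    return "live", None


def parse_files_infected(log_text):
    """Parse every detection line in an MBAM log; headers and blanks are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        location, rp = classify(m.group("path"))
        entries.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "action": m.group("action"),
            "location": location,
            "restore_point": rp,
            # MBAM reports completed removals as "... successfully."; anything else
            # (e.g. "Delete on reboot.") means the file is still on disk right now.
            "removed": m.group("action").endswith("successfully."),
        })
    return entries


def summarize(entries):
    """Aggregate detections and derive the follow-up steps a helper would ask for."""
    by_location = Counter(e["location"] for e in entries)
    by_threat = Counter(e["threat"] for e in entries)
    restore_points = sorted({e["restore_point"] for e in entries if e["restore_point"]})
    pending = [e["path"] for e in entries if not e["removed"]]
    follow_ups = []
    if by_location["restore_point"]:
        # Infected restore points are harmless until someone restores to them,
        # so the fix is to purge them, not to keep scanning the live system.
        follow_ups.append("purge System Restore points")
    if pending:
        follow_ups.append("reboot and rescan: some deletions are still pending")
    return {
        "by_location": dict(by_location),
        "by_threat": dict(by_threat),
        "restore_points": restore_points,
        "pending": pending,
        "follow_ups": follow_ups,
    }


if __name__ == "__main__":
    result = summarize(parse_files_infected(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the full log posted above, the summary would show 14 hits already inside ComboFix's quarantine and 49 inside restore points RP635 through RP679, with none on the live system: exactly the situation in which purging System Restore is the remaining step.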

#12 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts
  • Local time:08:07 AM

Posted 05 January 2009 - 10:58 PM

========== FILES ==========
C:\WINDOWS\001212_.tmp moved successfully.
C:\WINDOWS\003859_.tmp moved successfully.
C:\WINDOWS\005859_.tmp moved successfully.
C:\WINDOWS\DUMP24dd.tmp moved successfully.
C:\WINDOWS\DUMP24ed.tmp moved successfully.
C:\WINDOWS\DUMP254a.tmp moved successfully.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\SETD.tmp moved successfully.
C:\WINDOWS\System32\bapenuge.dll.tmp moved successfully.
C:\WINDOWS\System32\benugame.dll.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\gejanojo.dll.tmp moved successfully.
C:\WINDOWS\System32\jozoyona.dll.tmp moved successfully.
C:\WINDOWS\System32\norefose.dll.tmp moved successfully.
C:\WINDOWS\System32\nupanogo.dll.tmp moved successfully.
C:\WINDOWS\System32\pozowaha.dll.tmp moved successfully.
C:\WINDOWS\System32\pufupode.dll.tmp moved successfully.
C:\WINDOWS\System32\rn.tmp moved successfully.
C:\WINDOWS\System32\sefewana.dll.tmp moved successfully.
C:\WINDOWS\System32\sovowuyi.dll.tmp moved successfully.
C:\WINDOWS\System32\sozejudu.dll.tmp moved successfully.
C:\WINDOWS\System32\wevoyira.dll.tmp moved successfully.
C:\WINDOWS\System32\yetugayu.dll.tmp moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_27c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_194438

OTViewIt logfile created on: 1/5/2009 7:53:03 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop\system tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 186.96 Mb Available Physical Memory | 36.59% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.82 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2001/09/04 14:31:50 | 00,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/01/12 02:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2009/01/03 22:02:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2009/01/04 20:58:48 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lombardo\Desktop\system tools\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 04:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
[2004/09/19 13:04:33 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/05/09 12:15:51 | 00,045,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd [System | Running])
[2008/01/21 17:11:28 | 00,022,336 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr [Boot | Running])
[2008/06/27 14:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2004/07/03 20:37:27 | 00,055,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2004/07/03 20:37:27 | 00,022,713 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/09/04 15:37:08 | 00,233,344 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 04:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102 [On_Demand | Running])
[2001/09/04 14:39:50 | 00,017,990 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 05:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/02/29 02:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2006/06/01 14:46:42 | 00,003,712 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2006/05/10 08:56:54 | 00,027,264 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2006/05/10 08:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2006/05/10 08:56:50 | 00,071,680 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2008/02/29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt [On_Demand | Running])
[2001/09/04 14:39:40 | 00,019,702 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2005/07/20 17:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/05/14 17:15:40 | 00,010,368 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2004/12/26 23:35:26 | 00,007,424 | ---- | M] (JuneFabrics) -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm [On_Demand | Stopped])
[2008/11/20 17:23:08 | 00,138,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
[2004/06/03 00:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Stopped])
[2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2001/09/04 14:39:28 | 00,078,454 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K [System | Running])
[2001/08/18 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/04/19 18:33:57 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [On_Demand | Stopped])
[2001/09/10 09:43:46 | 00,205,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2001/08/13 16:17:34 | 00,737,973 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf [On_Demand | Running])
[2001/08/18 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"Provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/05/06 19:16:44 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
[2000/01/21 00:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Define: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Look Up in &Encyclopedia: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2FDEF853-0759-11D4-A92E-006097DBED37}: Button: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{2FDEF853-0759-11D4-A92E-006097DBED37}: Menu: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Button: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Menu: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
50 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000161-0000-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaudio.cab -- Reg Error: Key does not exist or could not be opened.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1195967445578 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1195967416390 -- MUWebControl Class
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}: http://launch.gamespyarcade.com/software/launch/alaunch.cab -- GSDACtl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab -- HouseCall Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...8172.4487962963 -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{70445B36-C9CA-4541-8F2D-35F805CBD459} (Servers: | Description: Windows Mobile-based Internet Sharing Device)
{7A2068E2-2C45-41B2-83DB-D19EB34B3FE7} (Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter)
{7B2D7546-016D-43C7-93BD-4CE8DDD965C2} (Servers: | Description: Windows Mobile-based Internet Sharing Device)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AutoRun []
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=TSBin\SimsLS.exe | Name=The Sims Life Stories | | [Special] | Disk=1 | ProductGuiID={DA932D71-E52A-43D5-009E-395A1AEC1474} | | ]
[2007/01/13 19:13:20 | 00,000,156 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2007/01/13 13:30:07 | 00,585,728 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

AutoRunMorrowind.exe [MZ | ]
[2002/03/25 17:03:42 | 00,024,576 | R--- | M] () -- E:\AutoRunMorrowind.exe -- [ CDFS ]

autorun.inf [[autorun] | open=AutoRunMorrowind.exe | icon=AutoRunMorrowind.exe,0 | label=Morrowind | shell\install=Install Morrowind | shell\install\command=Setup.exe | ]
[2002/04/03 17:12:04 | 00,000,150 | R--- | M] () -- E:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/05 19:44:38 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/04 22:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lombardo\Desktop\logs
[2009/01/04 21:11:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/02 14:02:24 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/02 12:54:10 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/01/02 12:52:55 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/01/02 12:16:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/02 11:46:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/01/02 11:25:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/02 11:25:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/02 11:25:31 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/02 11:20:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 11:20:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/02 11:20:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/02 11:20:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/02 11:20:10 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/02 11:20:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/02 11:20:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 11:20:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/02 11:20:10 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 11:16:15 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2008/12/16 21:44:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/13 21:29:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lombardo\Desktop\backups

========== Files - Modified Within 30 Days ==========

[2009/01/05 19:49:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 19:48:57 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2009/01/05 19:48:48 | 00,028,707 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/05 19:48:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 19:47:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/04 21:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 22:20:48 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2009/01/02 14:32:01 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/02 14:02:07 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/02 13:31:38 | 00,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/02 12:05:33 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rozemeho
[2009/01/02 11:25:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/27 12:34:50 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/16 21:44:24 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/14 19:11:01 | 00,000,766 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >




OTViewIt Extras logfile created on: 1/5/2009 7:53:03 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop\system tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 186.96 Mb Available Physical Memory | 36.59% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.82 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/12/01 21:46:40 | 02,581,176 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough
[2003/03/20 14:10:04 | 01,658,880 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 16:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2004/11/18 21:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP
[2002/03/07 15:59:32 | 02,531,925 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™
[2002/02/27 18:50:00 | 00,417,792 | ---- | M] (Pocket Soft, Inc.) -- C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd
[2004/07/19 15:26:04 | 01,622,016 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray
[2004/07/19 15:26:56 | 01,216,512 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup
[2004/07/19 15:27:18 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2005/10/31 07:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2005/01/26 12:17:34 | 00,241,664 | ---- | M] (Mary Kay Inc.) -- C:\DOM\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager
[2002/06/17 20:01:30 | 08,859,648 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe:*:Disabled:BF1942
[2008/04/13 16:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2002/12/10 09:03:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
[2000/07/28 13:33:14 | 02,555,949 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II
[2001/06/15 13:37:34 | 02,699,309 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/11/18 22:18:32 | 08,779,265 | ---- | M] () -- C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles
[2006/05/18 16:44:46 | 07,558,590 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/08/07 08:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
[2006/03/30 19:39:52 | 01,974,272 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
[2008/04/13 16:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/11/04 09:27:38 | 11,599,872 | ---- | M] (Mad Doc Software) -- C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/12 13:43:30 | 00,053,505 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI
[2008/04/13 16:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:wkcalrem

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/12 19:18:51 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2000/06/27 02:51:06 | 00,212,992 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}"=Microsoft Encarta Encyclopedia Standard 2001
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2: Deluxe Edition
"{0B53B71D-9E2F-42B8-9123-96354872D166}"=EPSON Photo Print
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}"=Medal of Honor Allied Assault
"{0E0131B2-CF18-40D9-A331-60A3746C1204}"=EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}"=EPSON CardMonitor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{15D9EB74-998E-4A04-B468-51C2E7B32182}"=Microsoft Picture It! Publishing 2001
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}"=Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}"=Backup Dell-Installed Programs
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{34F85A4D-03CC-428A-80A4-880228646518}"=Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3571656A-575D-4CED-809D-5547587121FF}"=Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}"=GuitarVision
"{3D719053-5593-11D3-8F25-0060085C1758}"=Microsoft Streets and Trips 2001
"{5ED20FB0-678F-41EE-9211-DC9C670FD193}"=Battlefield 1942 Multiplayer Demo
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}"=Microsoft Works Suite Add-in for Microsoft Word
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}"=ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}"=EPSON Smart Panel
"{706D5382-7381-4680-9DD0-161832578252}"=DellTouch
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}"=RollerCoaster Tycoon 2
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"=Medal of Honor Allied Assault™ Spearhead
"{7A837109-E671-470D-B489-F1EBE471D220}"=Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"=Medal of Honor Allied Assault™ Breakthrough
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}"=Microsoft Broadband Networking
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}"=RollerCoaster Tycoon® 3
"{91120000-001A-0000-0000-0000000FF1CE}"=Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91190409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Publisher 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.8
"{AE704636-ECD0-426C-952E-05B8DABD1949}"=EPSON PhotoStarter3.2
"{B1AD83A0-DC92-41E3-B111-E9472349768C}"=RollerCoaster Tycoon 2: Wacky Worlds
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}"=Tiger Woods PGA TOUR 07
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}"=EPSON Copy Utility
"{B6D7A630-9136-490E-B190-D0E71813BCAE}"=Battlefield 1942 Singleplayer Demo
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}"=RollerCoaster Tycoon 2: Time Twister
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}"=Works Synchronization
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}"=Medal of Honor Allied Assault™ Spearhead
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}"=Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}"=Microsoft Money 2001
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}"=ABBYY FineReader 5.0 Sprint Plus
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DA932D71-E52A-43D5-009E-395A1AEC1474}"=The Sims™ Life Stories
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}"=TES Construction Set
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}"=Empire Earth II
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}"=Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"{E4A0225B-A975-416C-8CF7-C1C025FD32D6}"=YP-U1
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}"=RCT3 Soaked
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F596C356-BF35-4ED7-981C-CC791461A8F0}"=Empire Earth II: The Art of Supremacy
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}"=Microsoft Works 6.0
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}"=Works Suite OS Pack
"{FE6EFF4B-3201-4C83-B12A-8192878B8047}"=DOM
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2007
"Action Replay Code Manager_is1"=Action Replay Code Manager
"Adobe AIR"=Adobe AIR
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"AgeOfCastles"=AgeOfCastles
"Anewsoft MP3 Recorder_is1"=Anewsoft MP3 Recorder 2.0
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"EPSON Printer and Utilities"=EPSON Printer Software
"FoneSync"=FoneSync
"GameSpy Arcade"=GameSpy Arcade
"GameSpy Software"=GameSpy Software
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"IrfanView"=IrfanView (remove only)
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver"=NVIDIA Display Driver
"NVIDIA Drivers"=NVIDIA Drivers
"OUTLOOKR"=Microsoft Office Outlook 2007 Trial
"RealPlayer 6.0"=RealPlayer Basic
"Silent Package Run-Time Sample"=EPSON SPRX600 Reference Guide
"WavePad"=WavePad Uninstall
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAce Archiver"=WinAce Archiver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"Works2001Setup"=Microsoft Works 2001 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 1.0"=Zoo Tycoon: Complete Collection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2008 11:09:11 PM | Computer Name = HOME | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\Setup\rsrc\demo32.exe for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program DemoShield Runtime Player because
of this error. Program: DemoShield Runtime Player File: E:\Setup\rsrc\demo32.exe The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 5

Error - 12/14/2008 11:09:18 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application demo32.exe, version 6.71.100.1130, faulting module
demo32.exe, version 6.71.100.1130, fault address 0x0002c5ea.

Error - 12/16/2008 8:24:53 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application PowerDVD.exe, version 6.0.0.2128, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2008 6:51:30 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 2:19:49 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/27/2008 2:21:06 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 4:07:42 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:41:39 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:42:35 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 1/5/2009 3:19:38 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module acropdf.dll, version 7.0.8.0, fault address 0x0002fdb3.

[ System Events ]
Error - 1/4/2009 1:57:53 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 2:00:58 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2


< End of report >


I did run ATF-Cleaner as you asked. I just ran the rescan, but I didn't check "all users". Do I need to do so? I'll redo it and put it below.


OTViewIt logfile created on: 1/5/2009 7:56:27 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop\system tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 204.66 Mb Available Physical Memory | 40.05% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.82 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2001/09/04 14:31:50 | 00,655,360 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[2008/04/13 16:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/01/12 02:01:32 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2009/01/03 22:02:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/13 16:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2009/01/04 20:58:48 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Lombardo\Desktop\system tools\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/14 17:28:06 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 08:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/11/11 23:08:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/01/03 22:02:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2005/07/20 17:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/30 17:06:18 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/11/20 17:22:59 | 00,202,512 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 04:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
[2004/09/19 13:04:33 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/05/09 12:15:51 | 00,045,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd [System | Running])
[2008/01/21 17:11:28 | 00,022,336 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys -- (avgntmgr [Boot | Running])
[2008/06/27 14:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2004/07/03 20:37:27 | 00,055,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2004/07/03 20:37:27 | 00,022,713 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/09/04 15:37:08 | 00,233,344 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2001/08/17 04:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102 [On_Demand | Running])
[2001/09/04 14:39:50 | 00,017,990 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 05:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2008/02/29 02:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2006/06/01 14:46:42 | 00,003,712 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2006/05/10 08:56:54 | 00,027,264 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2006/05/10 08:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2006/05/10 08:56:50 | 00,071,680 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2008/02/29 02:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt [On_Demand | Running])
[2001/09/04 14:39:40 | 00,019,702 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2005/07/20 17:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/05/14 17:15:40 | 00,010,368 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2004/12/26 23:35:26 | 00,007,424 | ---- | M] (JuneFabrics) -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm [On_Demand | Stopped])
[2008/11/20 17:23:08 | 00,138,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
[2004/06/03 00:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Stopped])
[2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2001/09/04 14:39:28 | 00,078,454 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K [System | Running])
[2001/08/18 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/04/19 18:33:57 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [On_Demand | Stopped])
[2001/09/10 09:43:46 | 00,205,824 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2001/08/13 16:17:34 | 00,737,973 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf [On_Demand | Running])
[2001/08/18 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"Provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=
"Provider"=gogl

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.tvguide.com;<local>;*.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers (Microsoft® Corporation)
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/05/06 19:16:44 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk = C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
[2000/01/21 00:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{CF7D4B29-91D3-408E-91FB-5538CE643D1A}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
File not found -- C:\Documents and Settings\Michael Lombardo\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Michael Lombardo\Local Settings\Temp\{C0638AD1-493A-4A96-A3D7-A9922E5818F3}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
File not found -- C:\Documents and Settings\Tyler Lombardo\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Define: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Look Up in &Encyclopedia: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Define: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Look Up in &Encyclopedia: C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2FDEF853-0759-11D4-A92E-006097DBED37}: Button: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{2FDEF853-0759-11D4-A92E-006097DBED37}: Menu: Encarta Encyclopedia -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM [2000/07/07 13:48:00 | 00,001,412 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Button: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{5DA9DE80-097A-11D4-A92E-006097DBED37}: Menu: Define -- %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM [2000/07/07 13:48:00 | 00,001,408 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKLM] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKLM] -> [Define] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-117609710-688789844-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
50 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000161-0000-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaudio.cab -- Reg Error: Key does not exist or could not be opened.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1195967445578 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1195967416390 -- MUWebControl Class
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}: http://launch.gamespyarcade.com/software/launch/alaunch.cab -- GSDACtl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab -- HouseCall Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...8172.4487962963 -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{70445B36-C9CA-4541-8F2D-35F805CBD459} (Servers: | Description: Windows Mobile-based Internet Sharing Device)
{7A2068E2-2C45-41B2-83DB-D19EB34B3FE7} (Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter)
{7B2D7546-016D-43C7-93BD-4CE8DDD965C2} (Servers: | Description: Windows Mobile-based Internet Sharing Device)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AutoRun []
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2007/01/13 18:35:44 | 00,630,784 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=TSBin\SimsLS.exe | Name=The Sims Life Stories | | [Special] | Disk=1 | ProductGuiID={DA932D71-E52A-43D5-009E-395A1AEC1474} | | ]
[2007/01/13 19:13:20 | 00,000,156 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2007/01/13 13:30:07 | 00,585,728 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

AutoRunMorrowind.exe [MZ | ]
[2002/03/25 17:03:42 | 00,024,576 | R--- | M] () -- E:\AutoRunMorrowind.exe -- [ CDFS ]

autorun.inf [[autorun] | open=AutoRunMorrowind.exe | icon=AutoRunMorrowind.exe,0 | label=Morrowind | shell\install=Install Morrowind | shell\install\command=Setup.exe | ]
[2002/04/03 17:12:04 | 00,000,150 | R--- | M] () -- E:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/05 19:44:38 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/04 22:43:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lombardo\Desktop\logs
[2009/01/04 21:11:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/02 14:02:24 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/02 12:54:10 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/01/02 12:52:55 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/01/02 12:16:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/01/02 11:46:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/01/02 11:25:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/01/02 11:25:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/01/02 11:25:31 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/02 11:20:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/02 11:20:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/02 11:20:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/02 11:20:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/02 11:20:10 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/02 11:20:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/02 11:20:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 11:20:10 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/02 11:20:10 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/02 11:20:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 11:16:15 | 02,888,012 | R--- | C] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2008/12/16 21:44:23 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/13 21:29:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael Lombardo\Desktop\backups

========== Files - Modified Within 30 Days ==========

[2009/01/05 19:49:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 19:48:57 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
[2009/01/05 19:48:48 | 00,028,707 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/05 19:48:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 19:47:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/04 21:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 22:20:48 | 02,888,012 | R--- | M] () -- C:\Documents and Settings\Michael Lombardo\Desktop\ComboFix.exe
[2009/01/02 14:32:01 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/01/02 14:02:07 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/02 13:31:38 | 00,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/02 12:05:33 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rozemeho
[2009/01/02 11:25:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/27 12:34:50 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/16 21:44:24 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Michael Lombardo\My Documents\HCTV Maintenance and Grounds Meeting 12-17-08.doc
[2008/12/14 19:11:01 | 00,000,766 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 09:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >



OTViewIt Extras logfile created on: 1/5/2009 7:56:27 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Michael Lombardo\Desktop\system tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 204.66 Mb Available Physical Memory | 40.05% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.82 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michael Lombardo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2003/12/01 21:46:40 | 02,581,176 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough
[2003/03/20 14:10:04 | 01,658,880 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 16:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2004/11/18 21:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP
[2002/03/07 15:59:32 | 02,531,925 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™
[2002/02/27 18:50:00 | 00,417,792 | ---- | M] (Pocket Soft, Inc.) -- C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd
[2004/07/19 15:26:04 | 01,622,016 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility
[2004/07/19 15:26:28 | 00,466,944 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray
[2004/07/19 15:26:56 | 01,216,512 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup
[2004/07/19 15:27:18 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update
[2004/09/19 13:04:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2005/10/31 07:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2005/01/26 12:17:34 | 00,241,664 | ---- | M] (Mary Kay Inc.) -- C:\DOM\Xm.exe:*:Enabled:Connection Manager for Mary Kay Desktop Office Manager
[2002/06/17 20:01:30 | 08,859,648 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 1942 Singleplayer Demo\BF1942.exe:*:Disabled:BF1942
[2008/04/13 16:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2002/12/10 09:03:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
[2000/07/28 13:33:14 | 02,555,949 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II
[2001/06/15 13:37:34 | 02,699,309 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion
[2006/06/06 11:38:20 | 05,322,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[2006/05/31 13:43:24 | 01,002,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/11/18 22:18:32 | 08,779,265 | ---- | M] () -- C:\Program Files\Anarchy\AgeOfCastles\Age-of-Castles.exe:*:Enabled:Age of Castles
[2006/05/18 16:44:46 | 07,558,590 | ---- | M] () -- C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
[2007/03/12 19:18:50 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/08/07 08:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
[2006/03/30 19:39:52 | 01,974,272 | ---- | M] () -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
[2008/04/13 16:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/11/04 09:27:38 | 11,599,872 | ---- | M] (Mad Doc Software) -- C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/06/12 13:43:30 | 00,053,505 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI
[2008/04/13 16:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit
[2008/06/12 13:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched
[2000/08/08 12:00:00 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe:*:Enabled:wkcalrem

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/12 19:18:51 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/06/27 02:51:06 | 00,212,992 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/06 11:37:58 | 00,053,032 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.0.0787.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}"=Microsoft Encarta Encyclopedia Standard 2001
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}"=Battlefield 2: Deluxe Edition
"{0B53B71D-9E2F-42B8-9123-96354872D166}"=EPSON Photo Print
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}"=Medal of Honor Allied Assault
"{0E0131B2-CF18-40D9-A331-60A3746C1204}"=EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}"=EPSON CardMonitor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}"=Adobe Photoshop Album 2.0 Starter Edition
"{15D9EB74-998E-4A04-B468-51C2E7B32182}"=Microsoft Picture It! Publishing 2001
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}"=Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}"=Backup Dell-Installed Programs
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{34F85A4D-03CC-428A-80A4-880228646518}"=Safari
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3571656A-575D-4CED-809D-5547587121FF}"=Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}"=GuitarVision
"{3D719053-5593-11D3-8F25-0060085C1758}"=Microsoft Streets and Trips 2001
"{5ED20FB0-678F-41EE-9211-DC9C670FD193}"=Battlefield 1942 Multiplayer Demo
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}"=Microsoft Works Suite Add-in for Microsoft Word
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}"=ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}"=EPSON Smart Panel
"{706D5382-7381-4680-9DD0-161832578252}"=DellTouch
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}"=RollerCoaster Tycoon 2
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"=Medal of Honor Allied Assault™ Spearhead
"{7A837109-E671-470D-B489-F1EBE471D220}"=Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"=Medal of Honor Allied Assault™ Breakthrough
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}"=Microsoft Broadband Networking
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}"=RollerCoaster Tycoon® 3
"{91120000-001A-0000-0000-0000000FF1CE}"=Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91190409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Publisher 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0.8
"{AE704636-ECD0-426C-952E-05B8DABD1949}"=EPSON PhotoStarter3.2
"{B1AD83A0-DC92-41E3-B111-E9472349768C}"=RollerCoaster Tycoon 2: Wacky Worlds
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}"=Tiger Woods PGA TOUR 07
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}"=EPSON Copy Utility
"{B6D7A630-9136-490E-B190-D0E71813BCAE}"=Battlefield 1942 Singleplayer Demo
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}"=RollerCoaster Tycoon 2: Time Twister
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}"=Works Synchronization
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}"=Medal of Honor Allied Assault™ Spearhead
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}"=Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}"=Microsoft Money 2001
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}"=ABBYY FineReader 5.0 Sprint Plus
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{DA932D71-E52A-43D5-009E-395A1AEC1474}"=The Sims™ Life Stories
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}"=TES Construction Set
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}"=Empire Earth II
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}"=Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"{E4A0225B-A975-416C-8CF7-C1C025FD32D6}"=YP-U1
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}"=RCT3 Soaked
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F596C356-BF35-4ED7-981C-CC791461A8F0}"=Empire Earth II: The Art of Supremacy
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}"=Microsoft Works 6.0
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}"=Works Suite OS Pack
"{FE6EFF4B-3201-4C83-B12A-8192878B8047}"=DOM
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2007
"Action Replay Code Manager_is1"=Action Replay Code Manager
"Adobe AIR"=Adobe AIR
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"AgeOfCastles"=AgeOfCastles
"Anewsoft MP3 Recorder_is1"=Anewsoft MP3 Recorder 2.0
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"EPSON Printer and Utilities"=EPSON Printer Software
"FoneSync"=FoneSync
"GameSpy Arcade"=GameSpy Arcade
"GameSpy Software"=GameSpy Software
"Google Updater"=Google Updater
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}"=EA downloader
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty® 2
"IrfanView"=IrfanView (remove only)
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver"=NVIDIA Display Driver
"NVIDIA Drivers"=NVIDIA Drivers
"OUTLOOKR"=Microsoft Office Outlook 2007 Trial
"RealPlayer 6.0"=RealPlayer Basic
"Silent Package Run-Time Sample"=EPSON SPRX600 Reference Guide
"WavePad"=WavePad Uninstall
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAce Archiver"=WinAce Archiver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"Works2001Setup"=Microsoft Works 2001 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoo Tycoon 1.0"=Zoo Tycoon: Complete Collection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2008 11:09:11 PM | Computer Name = HOME | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\Setup\rsrc\demo32.exe for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program DemoShield Runtime Player because
of this error. Program: DemoShield Runtime Player File: E:\Setup\rsrc\demo32.exe The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 5

Error - 12/14/2008 11:09:18 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application demo32.exe, version 6.71.100.1130, faulting module
demo32.exe, version 6.71.100.1130, fault address 0x0002c5ea.

Error - 12/16/2008 8:24:53 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application PowerDVD.exe, version 6.0.0.2128, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2008 6:51:30 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2008 2:19:49 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/27/2008 2:21:06 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 4:07:42 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:41:39 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 12/28/2008 9:42:35 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.2.exe, version 0.0.0.0, faulting module
libglib-2.0-0.dll, version 2.6.6.0, fault address 0x0004117d.

Error - 1/5/2009 3:19:38 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module acropdf.dll, version 7.0.8.0, fault address 0x0002fdb3.

[ System Events ]
Error - 1/4/2009 1:57:53 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 1:57:54 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/4/2009 2:00:58 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2


< End of report >


Here we go, hopefully we are making progress. :thumbsup:

#13 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 06 January 2009 - 10:16 AM

Hello,

We are nearly done here! Your log indicates you are clean. :thumbsup: However, I'd like you to perform an online scan to make sure. First do the following:

Show Hidden Files


Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Kaspersky Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your next reply, please post:
  • Kaspersky Report

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#14 bidi00

bidi00
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 07 January 2009 - 11:48 PM

Sorry I was unable to reply yesterday. The scan took about 6 1/2 hours but locked up at 94% the first time. I had to rerun it today and it was successful.

Looks like a couple of infections are still hanging out. Are those the .dll things I was seeing before?



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 7, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 07, 2009 14:07:16
Records in database: 1578450
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 141561
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 06:39:52


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\fusigagi.dll.vir Infected: Trojan-Downloader.Win32.BHO.afn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lokegepe.dll.vir Infected: Trojan-Downloader.Win32.BHO.afn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pajuwojo.dll.vir Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\waremilo.dll.vir Infected: Trojan-Downloader.Win32.BHO.afn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wini10451631.exe.vir Infected: not-a-virus:Downloader.Win32.Agent.bs 1
C:\_OTMoveIt\MovedFiles\01052009_194438\WINDOWS\System32\gejanojo.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\_OTMoveIt\MovedFiles\01052009_194438\WINDOWS\System32\norefose.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\_OTMoveIt\MovedFiles\01052009_194438\WINDOWS\System32\sovowuyi.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afn 1
C:\_OTMoveIt\MovedFiles\01052009_194438\WINDOWS\System32\yetugayu.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1

The selected area was scanned.

#15 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:04:07 PM

Posted 08 January 2009 - 06:45 AM

Congratulations you are now clean! :thumbsup:

All of the files found are located in quarantined folders created by the programs we have used (ComboFix and OTMoveIt), so other than those, you have no other infected files on your system - you are clean :) Be sure to follow the cleanup instructions below to remove these programs and their quarantined items.

The scan shouldn't have taken that long :) , I've heard the Kaspersky online scan has caused some trouble recently so don't worry about it :)

Let's tidy up our mess:

Uninstall ComboFix
  • Go to Start, then click Run
  • In the box, type: Combofix /u
  • Press Enter and ComboFix will uninstall.
OTCleanIt

Download OTCleanIt from here & save it to your desktop.
Double click on OTCleanIt.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

Other Deletions

Locate where you saved RSIT.exe, right click the file and select Delete.

Hide Hidden Files


Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Tick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
Make sure this option is not selected:
  • Show hidden files and folders
Click Apply and then click OK


Follow this list and your potential for being infected again will be reduced dramatically.

Disable and Enable System Restore.

You should disable and re-enable system restore to make sure there are no infected files found in a restore point. It would probably be a good idea to make a new restore point now, since you are clean.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

Visit Microsoft's Windows Update Site Frequently
  • It is important that you visit http://www.windowsupdate.com regularly.
  • This will ensure your computer always has the latest security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Next, I would recommend the download and installation of some or all of the following programs, and updating them regularly.

Install SUPERAntiSpyware - Install and download SUPERAntiSpyware.
  • You should also scan your computer with the program on a regular basis, just as you would with anti-virus software, in conjunction with Spybot.
  • Information on installing & using this product can be found here:
  • Click here for more info -->SUPERAntiSpyware official site
Install Javacool's SpywareBlaster
  • SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
  • An article on anti-malware products with links for this program and others can be found here:
  • Click here for more info -->Computer Safety on line - Anti-Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Glad I could Help :)
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

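As an added example (not code from this thread, from Kaspersky, or from any of the tools used here), the following Python script applies the reasoning in the post above to a Kaspersky Online Scanner 7 text report: a hit whose path lies inside the ComboFix quarantine (C:\Qoobox\Quarantine) or the OTMoveIt quarantine (C:\_OTMoveIt\MovedFiles) is already neutralised, so only hits found elsewhere count as live infections, and the parsed hits are cross-checked against the report's "Infected objects" summary line. The sample report is constructed from three paths in the report posted above plus one made-up path that is not from the thread.

```python
import re

# Quarantine folders created by the two cleanup tools used in this thread:
# ComboFix keeps items under C:\Qoobox\Quarantine, OTMoveIt under C:\_OTMoveIt\MovedFiles.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otmoveit\\movedfiles\\")

# A detection line in the report reads "<path> Infected: <threat name> <count>".
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STATS_RE = re.compile(r"^Infected objects:\s*(\d+)$", re.MULTILINE)


def is_quarantined(path: str) -> bool:
    # A hit inside a quarantine folder is already neutralised, not a live infection.
    return path.lower().startswith(QUARANTINE_PREFIXES)


def parse_detections(report: str) -> list:
    """Return (path, threat, count) tuples for every 'Infected:' line in the report."""
    hits = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def triage(report: str) -> dict:
    """Separate quarantined hits from live ones and cross-check the summary count."""
    hits = parse_detections(report)
    active = [h for h in hits if not is_quarantined(h[0])]
    summary = STATS_RE.search(report)
    expected = int(summary.group(1)) if summary else None
    return {
        "active": active,
        "quarantined": [h for h in hits if is_quarantined(h[0])],
        "summary_matches": expected is None or expected == sum(h[2] for h in hits),
        "system_clean": not active,
    }


# Constructed sample in the report's format: three quarantined paths taken from the
# thread plus one made-up live path (not from the thread) to exercise the active branch.
SAMPLE_REPORT = """\
Infected objects: 4
File name / Threat name / Threats count
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\fusigagi.dll.vir Infected: Trojan-Downloader.Win32.BHO.afn 1
C:\\_OTMoveIt\\MovedFiles\\01052009_194438\\WINDOWS\\System32\\gejanojo.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\wini10451631.exe.vir Infected: not-a-virus:Downloader.Win32.Agent.bs 1
C:\\WINDOWS\\system32\\constructed_example.dll Infected: Trojan-Downloader.Win32.BHO.afn 1
"""
```

Running `triage(SAMPLE_REPORT)` reports one live hit (the constructed path) and three quarantined ones; dropping the constructed line gives the same "clean" verdict Jat90 reached for the real report.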



