Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde (?) Infection Help


  • This topic is locked This topic is locked
23 replies to this topic

#1 SirRoundSound

SirRoundSound

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 12 February 2009 - 11:59 PM

Hi! This is my first post here, so I'm sorry if I fail to properly conform with protocol as a result of my ignorance. I'm no Windows expert, and especially not when it comes to removing Malware, so please also excuse any misinformed newbie mistakes I make.

I've recently been infected with a virus. Upon scanning with SpyBot, Ad-Aware, and MBAM, twice, and disabling System Restore, I've discovered that the virus is Virtumonde, and I believe I've done all I can on my own to stop its trespasses, having deleted all of the infected items these scans have produced. I've restarted my machine more times tonight than I probably have in a year.

I've managed to stop the popups from appearing, and the performance of my machine is back up to where it was (perhaps even a little better), but one problem persists: My Google results are being redirected to other webpages, be they search engines, or offers for anti-virus software, or job search websites, or whathaveyou. I am sure this is a familiar symptom of Virtumonde, or maybe even a worse problem.

Anyway, having scanned and re-scanned my hard drive with no results, I decided to download HJT in my frustration and post a log here, as per a friend's suggestion. This is the data produced by said log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:58 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4bf4d12c-ccf3-4c42-9306-e9da2d4bdd5a} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7be1e3d2-0922-49e3-a982-1c7202d62a08} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [subugatuye] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - AppInit_DLLs: njgfat.dll c:\windows\system32\yuzizowa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 14235 bytes

If these results have indicated the source of my problem, what should I do to resolve it? Any help would be highly appreciated.

And once again, please pardon any novice errors. Thank you. =]

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 13 February 2009 - 07:45 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 February 2009 - 03:10 PM

MBAM Log:

Malwarebytes' Anti-Malware 1.34
Database version: 1756
Windows 5.1.2600 Service Pack 3

2/13/2009 1:35:03 PM
mbam-log-2009-02-13 (13-35-03).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 346277
Time elapsed: 1 hour(s), 41 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 February 2009 - 03:17 PM

I downloaded RSIT, and after trying to run it three times, I was always confronted with the same error message:

Posted Image

I was thus unable to produce either the "log" or "info" files therewith associated.

#5 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 February 2009 - 03:23 PM

Attached herein is the GMER result.

Attached Files

  • Attached File  gmer.txt   43.06KB   25 downloads


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 13 February 2009 - 03:46 PM

Please restart your computer. Before running a new scan let's clean out the temporary folders.

Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asked you to logoff Windows, click on Yes
  • Let your Windows rebooted (or do it manually) and continue with the next step


Now download OTScanIt2.exe and unzip it to your Desktop..

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Services, Drivers and Registry section, please set on Safe List.
  • In the Rootkit Search section, set to Yes
  • In the Files Created Within and Files Modified Within section, set it to WhiteList/File Age
  • At the bottom, tick on all Use WhiteList and Include All Unicode Names option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
    • Reg - IE Explorer Bars
      Reg - NetSvcs
      Reg - Tcpip Persistent Routers
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Attach the log in your next replies.. Don't post it.. It will be too large to fit into a single post..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 February 2009 - 04:45 PM

Attached herein is the OTScanIt log.

Attached Files



#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 13 February 2009 - 05:30 PM

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE






Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).

Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {4bf4d12c-ccf3-4c42-9306-e9da2d4bdd5a} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7be1e3d2-0922-49e3-a982-1c7202d62a08} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2083699635-257400747-3854180032-500\] > -> HKEY_USERS\S-1-5-21-2083699635-257400747-3854180032-500\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "subugatuye" -> %SystemRoot%\system32\zigomobo.DLL [Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "subugatuye" -> %SystemRoot%\system32\zigomobo.DLL [Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {4982D40A-C53B-4615-B15B-B5B5E98D167C}:{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Button: AOL Toolbar]
YN -> {4982D40A-C53B-4615-B15B-B5B5E98D167C}: [HKLM] -> [Menu: AOL Toolbar]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> njgfat.dll -> 
YY -> c:\windows\system32\yuzizowa.dll -> %SystemRoot%\system32\yuzizowa.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Drives with AutoRun files > -> 
YY -> D:\Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ]
NY -> K:\AutoRunMorrowind.exe [MZ | ] -> K:\AutoRunMorrowind.exe [ CDFS ]
NY -> K:\autorun.inf [[autorun] | open=AutoRunMorrowind.exe | icon=AutoRunMorrowind.exe,0 | label=Morrowind | shell\install=Install Morrowind | shell\install\command=Setup.exe | ] -> K:\autorun.inf [ CDFS ]
NY -> S:\autorun.exe [MZ | ] -> S:\autorun.exe [ CDFS ]
NY -> S:\autorun.inf [[autorun] | open=autorun.exe | icon=JediAcademy.exe | ] -> S:\autorun.inf [ CDFS ]
YY -> S:\autorun.ini [; Smart CD Autorun Launcher |; by Dipl.-Ing. Stefan Krueger |; <skrueger@installsite.org> |  | [Application] |; Enter the registry location of for your application's App Path entry under  |; HKEY_LOCAL_MACHINE. InstallShield creates this entry with the call  |; RegDBSetItem( REGDB_APPPATH_DEFAULT, szAppPath ^ @PRODUCT_KEY ); |; RegKey="" |  |; Should application be started automatically if it is already installed? |; (Boolean: 0 or 1) | Start=0 |  | [Setup] |; Specify absolute path to your main setup program. The drive letter (with  |; colon) will be prepended automatically |; You can also add command line parameters. Example: |; Run=\setup.exe  |; Do not use long file names! | Run=Bin\autorun.exe |  |; Specify your splash screen's window class. Required to prevent launching of multiple  |; instances of setup if CD is removed and re-inserted during installation. | WindowClass=CltWin:400000:8:1456:0:7397 |  |; Additionally specify your setup's window title (optional) |; WindowT -> 
NY -> itle= |  | ] -> S:\autorun.ini [ CDFS ]
[Files/Folders - Created Within 90 Days]
NY -> yizayufe -> %SystemRoot%\System32\yizayufe
NY -> {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[Files/Folders - Modified Within 90 Days]
NY -> yizayufe -> %SystemRoot%\System32\yizayufe
[Alternate Data Streams]
NY -> @Alternate Data Stream - 122 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
[CatchMe Rootkit Scan by GMER]
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF 122 bytes -> 
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here. I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 13 February 2009 - 08:06 PM

I pasted the fix, then clicked "Run Fix". The fix closed Explorer, and then OTScanIt2 became non-responsive for a very long time.

Since you said the fix was supposed to not take long, I became concerned and used Task Manager to bring up Firefox so I could access BleepingComputer. At the moment, I am running Firefox without Explorer, and with the non-responsive OTScanIt2 running. What should I do now?

EDIT: I decided to just cancel the OTScanIt2 process and restart my computer. When I tested Google, the redirecting problem persisted. What should I try next?

Edited by SirRoundSound, 13 February 2009 - 09:04 PM.


#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 14 February 2009 - 02:30 AM

Kill the OTScanIt2 process via Task Manager.. Then do below...

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under File Scans, change it to 90 Days
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 14 February 2009 - 12:43 PM

OTListIt2.Txt:

OTListIt logfile created on: 2/14/2009 12:31:02 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.11 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.93% Memory free
2.60 Gb Paging File | 2.06 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.46 Gb Total Space | 7.29 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive D: | 3.58 Gb Total Space | 1.80 Gb Free Space | 50.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 111.78 Gb Total Space | 60.10 Gb Free Space | 53.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRIAN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 90 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
PRC - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
PRC - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - c:\Program Files\McAfee.com\VSO\McVSEscn.exe (McAfee, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - c:\Program Files\McAfee.com\VSO\mcvsftsn.exe (McAfee, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Stopped]) -- File not found
SRV - (Avg7UpdSvc [Auto | Stopped]) -- File not found
SRV - (AVGEMS [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McDetect.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
SRV - (McShield [On_Demand | Stopped]) -- c:\Program Files\McAfee.com\VSO\McShield.exe (McAfee Inc.)
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (MskService [Auto | Running]) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (NCUpdateSvc [Auto | Running]) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (SNMPTRAP [On_Demand | Stopped]) -- C:\WINDOWS\system32\snmptrap.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WudfSvc [Auto | Running]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\system32\drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\system32\drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\system32\drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (AvgTdi [Auto | Running]) -- C:\WINDOWS\system32\drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\drivers\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\system32\drivers\d347prt.sys ( )
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
DRV - (DC21x4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\dc21x4.sys (Intel Corporation.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gmer [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (MPFIREWL [System | Running]) -- C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (MSICPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\msicpl.dll (MSI)
DRV - (NaiAvFilter1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (PRISM_USB [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\DELUSB_51.sys (DELL Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfng32 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Symmpi [Boot | Running]) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ViaIde [Boot | Running]) -- C:\WINDOWS\system32\drivers\viaidexp.sys (VIA Technologies, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WS2IFSL [System | Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (292204 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.3dluder.com
O1 - Hosts: 127.0.0.1 www.3dslut.com
O1 - Hosts: 127.0.0.1 www.3dbilling.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca)
O2 - BHO: (McAfee Anti-Phishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe" (BillP Studios)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask (McAfee, Inc.)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [OTScanIt] "C:\Documents and Settings\Administrator\Desktop\OTScanIt2\OTScanIt2.exe" (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\BigFix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - F:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - K:\AutoRunMorrowind.exe () - [ CDFS ]
O32 - Autorun File - K:\autorun.inf () - [ CDFS ]
O32 - Autorun File - S:\autorun.exe (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - [ CDFS ]
O32 - Autorun File - S:\autorun.inf () - [ CDFS ]
O32 - Autorun File - S:\autorun.ini () - [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

========== Files/Folders - Created Within 90 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/02/14 12:29:59 | 00,491,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/13 22:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\websites
[2009/02/13 19:15:37 | 00,000,000 | ---D | C] -- C:\_OTScanIt
[2009/02/13 19:13:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/13 19:12:45 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/13 19:12:27 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/02/13 19:12:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/02/13 19:12:04 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/02/13 16:08:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTScanIt2
[2009/02/13 16:07:58 | 00,656,714 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTScanIt2.exe
[2009/02/13 15:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/02/13 15:58:28 | 00,339,257 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CleanUp452.exe
[2009/02/13 14:44:54 | 00,088,482 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rsit.jpg
[2009/02/13 14:40:42 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/02/13 14:40:41 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/02/13 14:40:41 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/02/13 14:40:41 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/02/13 14:40:41 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/02/13 14:40:04 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/02/13 13:36:12 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/13 13:35:50 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2009/02/13 13:25:09 | 00,183,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\960_download.zip
[2009/02/12 23:19:58 | 00,760,344 | ---- | C] (XBlock.com) -- C:\Documents and Settings\Administrator\Desktop\xclean_micro.exe
[2009/02/12 23:10:03 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/12 22:57:37 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/12 22:57:17 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/12 22:55:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/12 22:55:38 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/12 22:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/12 22:55:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/12 22:26:14 | 00,031,921 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\remove-vundo-virtumonde.htm
[2009/02/12 22:26:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\remove-vundo-virtumonde_files
[2009/02/12 22:25:33 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/12 21:40:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/02/12 21:40:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/12 21:40:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/12 21:40:02 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/12 21:40:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/12 21:40:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/12 21:39:30 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/02/12 20:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\dds
[2009/02/12 20:30:59 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/02/12 20:08:45 | 00,000,153 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/12 20:03:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/12 20:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/12 20:01:46 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/02/12 18:44:22 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/02/12 18:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/12 18:44:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/12 18:42:23 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/02/12 18:38:30 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/02/12 18:36:56 | 00,811,794 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090212_183653.reg
[2009/02/12 18:15:47 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/02/12 18:15:47 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/12 18:14:07 | 03,171,208 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup216.exe
[2009/02/12 18:04:28 | 01,230,368 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup.exe
[2009/02/12 13:38:12 | 00,002,365 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/02/11 21:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\meatrachels
[2009/02/11 17:46:01 | 00,395,385 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\talktosuckas.mp3
[2009/02/10 22:59:58 | 01,665,922 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\something.psd
[2009/02/10 20:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/02/10 20:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2009/02/10 15:20:57 | 25,205,424 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\border7_02.rar
[2009/02/10 15:11:47 | 05,299,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bj24h1.rar
[2009/02/09 23:15:46 | 00,181,998 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\peoplesreviews.jpg
[2009/02/08 17:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ADVENTUREDAY
[2009/02/02 18:16:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Spore Creations
[2009/02/02 18:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SPORE
[2009/02/02 18:15:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2009/02/02 16:00:48 | 00,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SPORE™.lnk
[2009/01/27 16:19:55 | 01,423,606 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ooowwww.wav
[2009/01/26 17:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Songbird2
[2009/01/26 17:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
[2009/01/26 17:41:56 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Songbird.lnk
[2009/01/26 17:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/01/26 17:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\Songbird
[2009/01/26 02:36:06 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$ARNING.doc
[2009/01/24 12:45:44 | 00,110,412 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\starwarsy.jpg
[2009/01/24 11:49:20 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/01/24 11:49:20 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/01/24 11:49:20 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/01/23 00:38:53 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\manifesto.doc
[2009/01/17 08:06:42 | 00,044,163 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\myuglyass.jpg
[2009/01/17 07:55:12 | 00,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2009/01/17 07:54:31 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/01/17 07:54:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/01/17 07:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/01/10 16:57:46 | 00,022,530 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\meh.jpg
[2009/01/10 16:51:15 | 00,105,765 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\atgrims2.jpg
[2009/01/10 16:45:10 | 00,232,272 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\atgrims.jpg
[2009/01/08 02:04:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Move Networks
[2009/01/07 02:07:18 | 00,216,015 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\templatedragonborn.jpg
[2009/01/07 00:47:05 | 00,876,782 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\templates.pdf
[2009/01/06 03:03:37 | 00,199,151 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\charactersheet4e.pdf
[2009/01/04 23:54:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/01/04 17:48:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/01/04 17:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/01/04 17:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/01/04 17:48:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/01/04 17:45:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/01/04 17:36:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/24 19:10:12 | 12,324,416 | ---- | C] (POTI, Inc.) -- C:\Documents and Settings\Administrator\Desktop\Songbird_1.0.0-860_windows-i686-msvc8.exe
[2008/12/13 14:04:04 | 02,387,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\narhin.zip
[2008/12/13 14:03:24 | 06,676,217 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\onen.zip
[2008/12/09 00:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\jangotemp
[2008/12/09 00:14:45 | 01,477,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Jango_Fett__Armor_Small.zip
[2008/12/09 00:01:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\customhat1
[2008/12/07 20:46:51 | 00,027,568 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\magicman.jpg
[2008/12/07 20:46:40 | 00,036,396 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\laughingbleep.jpg
[2008/12/07 20:41:21 | 00,076,281 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ashleighandi.jpg
[2008/12/07 20:37:09 | 00,032,979 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rachelandi.jpg
[2008/12/07 02:05:23 | 00,235,534 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians5.png
[2008/12/07 01:32:12 | 00,104,828 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians4.gif
[2008/12/07 01:29:29 | 00,458,801 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians3.jpg
[2008/12/07 01:24:04 | 00,250,555 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians2.jpg
[2008/12/07 01:15:00 | 00,042,990 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorian_skull.jpg
[2008/12/07 01:12:47 | 00,076,381 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians_by_avaccus.jpg
[2008/12/05 16:30:32 | 17,957,7694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\amyvideos.zip
[2008/11/28 23:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/11/28 23:36:45 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/28 23:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/28 23:36:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/28 23:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/11/28 23:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/28 23:35:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/28 23:34:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2008/11/28 23:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/28 23:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/11/28 23:34:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/28 23:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/11/28 22:18:24 | 29,423,841 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\troops.zip
[2008/11/27 23:32:02 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Child abuse.doc
[2008/11/25 23:40:05 | 00,284,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CI FLYER-NEW.doc
[2008/11/24 23:07:18 | 00,170,746 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Recruitment_Brochure_IOC.pdf
[2008/11/20 16:38:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/11/20 16:38:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

========== Files - Modified Within 90 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/02/14 12:30:00 | 00,491,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/14 12:29:24 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trillian.lnk
[2009/02/14 07:45:02 | 00,000,845 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/14 07:44:53 | 00,220,160 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/02/14 07:43:55 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/14 07:40:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 07:40:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/13 23:52:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/13 23:52:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/13 19:12:45 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/13 19:12:27 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/02/13 19:12:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/02/13 16:08:00 | 00,656,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTScanIt2.exe
[2009/02/13 16:06:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/13 16:06:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/13 15:58:29 | 00,339,257 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CleanUp452.exe
[2009/02/13 15:57:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/13 15:57:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/13 14:47:16 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/02/13 14:46:25 | 00,088,482 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rsit.jpg
[2009/02/13 14:40:41 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/02/13 14:40:41 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/02/13 14:40:41 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/02/13 14:40:11 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2009/02/13 14:06:21 | 00,292,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/13 13:53:29 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/13 13:35:52 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2009/02/13 13:25:12 | 00,183,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\960_download.zip
[2009/02/13 11:50:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/13 11:50:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/12 23:20:03 | 00,760,344 | ---- | M] (XBlock.com) -- C:\Documents and Settings\Administrator\Desktop\xclean_micro.exe
[2009/02/12 23:15:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/12 23:15:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/12 23:00:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/12 23:00:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/12 22:57:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/12 22:57:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/12 22:57:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/12 22:57:01 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/12 22:56:55 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/12 22:55:38 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/02/12 22:26:15 | 00,031,921 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\remove-vundo-virtumonde.htm
[2009/02/12 22:15:55 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yizayufe
[2009/02/12 21:40:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/12 21:39:36 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/02/12 20:31:01 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/02/12 20:08:47 | 00,000,153 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/02/12 20:03:20 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/02/12 20:01:46 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/02/12 18:44:46 | 34,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareAE.exe
[2009/02/12 18:44:22 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/02/12 18:43:00 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/02/12 18:37:16 | 00,811,794 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20090212_183653.reg
[2009/02/12 18:15:47 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/02/12 18:14:07 | 03,171,208 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup216.exe
[2009/02/12 18:04:29 | 01,230,368 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Administrator\Desktop\DMSetup.exe
[2009/02/12 14:24:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/12 14:24:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/12 13:38:12 | 00,002,365 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2009/02/12 11:44:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/12 11:44:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/11 23:10:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 22:39:07 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 17:46:08 | 00,395,385 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\talktosuckas.mp3
[2009/02/11 11:48:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/11 11:48:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/10 23:00:01 | 01,665,922 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\something.psd
[2009/02/10 15:24:27 | 25,205,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\border7_02.rar
[2009/02/10 15:12:29 | 05,299,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bj24h1.rar
[2009/02/10 11:45:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/10 11:45:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/09 23:15:48 | 00,181,998 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\peoplesreviews.jpg
[2009/02/09 12:05:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/09 12:05:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/08 11:19:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/08 11:19:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/08 01:33:07 | 02,648,552 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/07 16:19:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/07 16:19:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/07 15:55:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/07 15:55:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/02/06 17:05:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/06 17:05:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/06 11:36:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/06 11:36:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/05 11:46:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/05 11:46:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/04 08:04:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/04 08:04:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/02 18:15:49 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/02/02 16:00:48 | 00,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SPORE™.lnk
[2009/02/02 06:48:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/02 06:48:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/01/27 16:19:55 | 01,423,606 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ooowwww.wav
[2009/01/26 17:41:56 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Songbird.lnk
[2009/01/26 02:36:06 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$ARNING.doc
[2009/01/24 12:45:45 | 00,110,412 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\starwarsy.jpg
[2009/01/24 11:28:53 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\manifesto.doc
[2009/01/21 05:08:19 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/01/19 00:37:22 | 00,000,591 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/01/17 08:06:43 | 00,044,163 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\myuglyass.jpg
[2009/01/17 07:55:13 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/10 16:57:48 | 00,022,530 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\meh.jpg
[2009/01/10 16:51:17 | 00,105,765 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\atgrims2.jpg
[2009/01/10 16:45:12 | 00,232,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\atgrims.jpg
[2009/01/07 02:07:19 | 00,216,015 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\templatedragonborn.jpg
[2009/01/07 00:47:09 | 00,876,782 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\templates.pdf
[2009/01/06 03:03:41 | 00,199,151 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\charactersheet4e.pdf
[2009/01/06 03:00:46 | 02,006,072 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2009/01/04 23:54:18 | 00,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/04 17:58:47 | 00,559,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/04 17:58:47 | 00,465,764 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/04 17:58:47 | 00,083,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/04 17:41:45 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/24 19:10:54 | 12,324,416 | ---- | M] (POTI, Inc.) -- C:\Documents and Settings\Administrator\Desktop\Songbird_1.0.0-860_windows-i686-msvc8.exe
[2008/12/20 18:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/12/20 18:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/12/20 18:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/12/20 18:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2008/12/20 18:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2008/12/20 18:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2008/12/20 18:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/12/20 18:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2008/12/20 18:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2008/12/20 18:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2008/12/20 18:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2008/12/20 18:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2008/12/20 18:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2008/12/20 18:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2008/12/20 18:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/12/20 18:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2008/12/20 18:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/12/20 18:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2008/12/20 18:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2008/12/20 18:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/20 18:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2008/12/20 18:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2008/12/20 18:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2008/12/20 18:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/20 18:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2008/12/20 18:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2008/12/20 18:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2008/12/20 18:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/20 18:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/12/20 18:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/20 18:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2008/12/20 18:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2008/12/20 18:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2008/12/20 18:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2008/12/20 18:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2008/12/20 18:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/20 18:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2008/12/20 18:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2008/12/20 18:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2008/12/20 18:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2008/12/20 18:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/12/20 18:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2008/12/20 18:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
[2008/12/20 18:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2008/12/20 18:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2008/12/20 18:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/20 18:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/12/20 18:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2008/12/20 18:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2008/12/20 18:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2008/12/19 04:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2008/12/19 04:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2008/12/19 04:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2008/12/19 04:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/12/19 00:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2008/12/19 00:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2008/12/16 22:39:02 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ordsstorylinenbleep.doc
[2008/12/13 14:04:19 | 02,387,459 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\narhin.zip
[2008/12/13 14:04:10 | 06,676,217 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\onen.zip
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/09 00:14:50 | 01,477,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Jango_Fett__Armor_Small.zip
[2008/12/07 20:46:52 | 00,027,568 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\magicman.jpg
[2008/12/07 20:46:41 | 00,036,396 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\laughingbleep.jpg
[2008/12/07 20:41:21 | 00,076,281 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ashleighandi.jpg
[2008/12/07 20:37:10 | 00,032,979 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rachelandi.jpg
[2008/12/07 02:05:27 | 00,235,534 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians5.png
[2008/12/07 01:32:22 | 00,104,828 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians4.gif
[2008/12/07 01:29:31 | 00,458,801 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians3.jpg
[2008/12/07 01:24:06 | 00,250,555 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians2.jpg
[2008/12/07 01:18:21 | 00,042,990 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorian_skull.jpg
[2008/12/07 01:12:47 | 00,076,381 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mandalorians_by_avaccus.jpg
[2008/12/05 16:55:01 | 17,957,7694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\amyvideos.zip
[2008/11/28 23:06:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/28 22:28:04 | 29,423,841 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\troops.zip
[2008/11/28 00:10:36 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Child abuse.doc
[2008/11/25 23:40:05 | 00,284,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CI FLYER-NEW.doc
[2008/11/24 23:07:21 | 00,170,746 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Recruitment_Brochure_IOC.pdf
[2008/11/20 16:38:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

========== LOP Check ==========

[2009/02/13 13:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/07/16 14:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/03/28 13:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2006/11/06 18:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2008/11/28 23:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2007/05/06 10:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2006/11/16 19:41:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2008/02/06 16:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2006/11/13 16:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2008/01/15 19:59:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/06/22 19:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2007/07/10 01:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2007/12/27 14:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HP
[2008/09/20 17:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2005/05/30 17:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2006/12/25 07:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2006/11/24 21:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/02/12 21:40:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2007/05/01 22:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
[2006/11/30 15:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2009/02/09 23:48:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/01/08 02:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Move Networks
[2008/08/28 19:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2007/06/28 00:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
[2006/11/11 03:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2008/04/16 20:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Petroglyph
[2007/08/05 15:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2006/11/06 18:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/02/02 18:15:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2006/11/28 18:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2009/01/26 17:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
[2009/02/02 18:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SPORE
[2006/11/11 17:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2006/12/25 11:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\System Requirements Lab
[2008/11/28 00:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2006/11/06 17:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Talkback
[2007/01/16 22:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2007/08/26 12:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2006/11/16 19:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2006/11/06 18:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2009/02/12 22:55:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/28 23:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/12 22:55:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2006/12/25 11:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/11/10 20:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/04/18 17:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2006/11/06 18:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/28 23:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/28 23:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/05/08 17:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2006/11/16 19:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/02/06 16:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/01/11 16:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/13 19:55:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2007/05/02 16:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/25 20:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2007/12/25 20:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2007/12/25 20:47:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2007/12/25 20:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2009/02/12 22:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/12 21:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/12/30 20:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/04/05 15:41:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/11/29 12:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/02/02 16:00:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/11/12 23:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2006/11/06 17:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/11/06 17:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2006/11/06 18:06:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/12/31 14:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/01/26 17:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/02/12 18:48:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/09 22:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/25 20:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2006/11/12 14:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/01/14 17:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/17 07:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/02/12 22:57:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/14 07:40:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
< End of report >

#12 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 14 February 2009 - 12:44 PM

Extras.Txt:

OTListIt Extras logfile created on: 2/14/2009 12:31:02 PM - Run
OTListIt2 by OldTimer - Version 2.0.0.11 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.93% Memory free
2.60 Gb Paging File | 2.06 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.46 Gb Total Space | 7.29 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive D: | 3.58 Gb Total Space | 1.80 Gb Free Space | 50.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 111.78 Gb Total Space | 60.10 Gb Free Space | 53.76% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 583.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRIAN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 90 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ()
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe File not found
C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe File not found
C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars™: Empire at War™ (Lucasfilm Entertainment Company, Ltd.)
C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars™: Republic Commando™ ()
C:\Program Files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars™: Battlefront™ ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3D008E41-F84D-4CC1-A8CF-B8419E51ACDF}" = Intel Audio Studio
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C5930D1-E4BC-4A10-AB5A-224C48CBA7E6}" = America's Army
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.5.173
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"123 AVI to GIF Converter_is1" = 123 AVI to GIF Converter 3.0
"7-Zip" = 7-Zip 4.42
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AGFAnet Print Service" = AGFAnet Print Service
"America Online us" = America Online (Choose which version to remove)
"AOK Mod Pack Studio" = AOK Mod Pack Studio
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Atomic RAR Password Recovery_is1" = Atomic RAR Password Recovery 1.20
"Audio MP3 Sound Recorder" = Audio MP3 Sound Recorder
"AVG7Uninstall" = AVG 7.5
"BigFix" = BigFix
"Blender" = Blender (remove only)
"BlenderNIFScripts" = Blender NIF Scripts (remove only)
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Combined Community Codec Pack" = Combined Community Codec Pack 2006-07-28 (Remove Only)
"Diablo II" = Diablo II
"DivX Content Uploader" = DivX Content Uploader
"DVD Identifier_is1" = DVD Identifier
"ERUNT_is1" = ERUNT 1.1j
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"FLV Player1.33" = FLV Player
"Fraps" = Fraps (remove only)
"Freez DVD Ripper_is1" = Freez DVD Ripper v1.5
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"GoldWave v5.22" = GoldWave v5.22
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"IrfanView" = IrfanView (remove only)
"Ivellon_is1" = Ivellon 1.5 English
"Luder3D" = 3D Slut Plugin
"Mafia 1.3" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Myst for Windows 95" = Myst for Windows 95
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Network Play System (Patching)" = Network Play System (Patching)
"NifSkope" = NifSkope (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetupTemp.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 0.9.11
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OGM TO AVI CONVERTER_is1" = OGM TO AVI CONVERTER version 3.0
"Port Magic" = Pure Networks Port Magic
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Replay_Converter_1" = Replay Converter 2.8
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 2.5
"Songbird 20081124" = Songbird 1.0.0 (20081124)
"SphereXP" = SphereXP 1.1.626
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"The Rosetta Stone" = The Rosetta Stone
"The Sims" = The Sims
"Trillian" = Trillian
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2009 7:13:13 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 2/12/2009 7:13:15 PM | Computer Name = BRIAN | Source = Application Error | ID = 1001
Description = Fault bucket 1138160036.

Error - 2/12/2009 7:26:31 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 2/12/2009 7:26:34 PM | Computer Name = BRIAN | Source = Application Error | ID = 1001
Description = Fault bucket 1138160036.

Error - 2/12/2009 7:35:01 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 2/12/2009 7:58:22 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 2/12/2009 7:58:25 PM | Computer Name = BRIAN | Source = Application Error | ID = 1001
Description = Fault bucket 1138160036.

Error - 2/12/2009 8:04:12 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 2/12/2009 11:55:49 PM | Computer Name = BRIAN | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/13/2009 4:48:28 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0b2acc80.

[ System Events ]
Error - 2/13/2009 12:44:07 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG E-mail Scanner service failed to start due to the following
error: %%2

Error - 2/13/2009 4:53:00 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Alert Manager Server service failed to start due to the following
error: %%2

Error - 2/13/2009 4:53:00 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Update Service service failed to start due to the following
error: %%2

Error - 2/13/2009 4:53:00 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG E-mail Scanner service failed to start due to the following
error: %%2

Error - 2/13/2009 9:29:46 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Alert Manager Server service failed to start due to the following
error: %%2

Error - 2/13/2009 9:29:46 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Update Service service failed to start due to the following
error: %%2

Error - 2/13/2009 9:29:46 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG E-mail Scanner service failed to start due to the following
error: %%2

Error - 2/14/2009 8:40:46 AM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Alert Manager Server service failed to start due to the following
error: %%2

Error - 2/14/2009 8:40:46 AM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG7 Update Service service failed to start due to the following
error: %%2

Error - 2/14/2009 8:40:46 AM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The AVG E-mail Scanner service failed to start due to the following
error: %%2


< End of report >

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 14 February 2009 - 01:38 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 14 February 2009 - 03:37 PM

ComboFix log:
ComboFix 09-02-12.03 - Administrator 2009-02-14 14:55:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1316 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall Plus *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp.temp
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-14 14:49 . 2009-02-14 14:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-02-13 19:15 . 2009-02-13 19:15 <DIR> d-------- C:\_OTScanIt
2009-02-13 19:12 . 2009-02-13 19:12 <DIR> d-------- c:\program files\ERUNT
2009-02-13 15:58 . 2009-02-13 15:58 <DIR> d-------- c:\program files\CleanUp!
2009-02-13 14:40 . 2009-02-13 14:47 250 --a------ c:\windows\gmer.ini
2009-02-13 13:36 . 2009-02-13 13:36 <DIR> d-------- C:\rsit
2009-02-12 23:10 . 2009-02-12 22:57 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-12 22:57 . 2009-02-12 22:56 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-12 22:55 . 2009-02-12 22:55 <DIR> d-------- c:\program files\Lavasoft
2009-02-12 22:55 . 2009-02-12 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-12 22:55 . 2009-02-12 22:55 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-12 22:25 . 2009-02-12 22:25 <DIR> d-------- C:\VundoFix Backups
2009-02-12 21:40 . 2009-02-12 21:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 21:40 . 2009-02-12 21:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 21:40 . 2009-02-12 21:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-12 21:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 21:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 20:08 . 2009-02-12 20:08 153 --a------ c:\windows\wininit.ini
2009-02-12 20:03 . 2009-02-12 20:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-12 18:44 . 2009-02-12 18:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-12 18:44 . 2009-02-12 18:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 18:15 . 2009-02-12 18:15 <DIR> d-------- c:\program files\CCleaner
2009-02-10 20:14 . 2009-02-10 20:14 <DIR> d-------- c:\program files\Common Files\Macromedia
2009-02-10 20:12 . 2009-02-10 20:14 <DIR> d-------- c:\program files\Macromedia
2009-02-02 18:16 . 2009-02-02 18:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SPORE
2009-02-02 18:15 . 2009-02-02 18:15 <DIR> dr-h----- c:\documents and settings\Administrator\Application Data\SecuROM
2009-01-26 17:42 . 2009-01-26 17:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Songbird2
2009-01-26 17:41 . 2009-02-12 23:05 <DIR> d-------- c:\program files\Songbird
2009-01-26 17:41 . 2009-01-26 17:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\SongbirdVLC
2009-01-24 11:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-24 11:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-24 11:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-17 07:54 . 2009-01-17 07:55 <DIR> d-------- c:\program files\Windows Live
2009-01-17 07:54 . 2009-01-17 07:54 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-17 07:54 . 2009-01-17 07:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 19:46 --------- d-----w c:\program files\Trillian
2009-02-14 00:58 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-14 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-12 18:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-12 18:38 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-11 01:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 03:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-02 23:15 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-02 20:47 --------- d-----w c:\program files\Electronic Arts
2009-01-25 15:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-11 21:34 --------- d-----w c:\program files\Google
2009-01-08 07:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Move Networks
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-01-23 00:51 22,328 -c--a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-07-11 22:56 1,969,152 -c--a-w c:\program files\FLV PlayerRCSetup.exe
2007-06-28 05:28 1 -c--a-w c:\documents and settings\Administrator\SI.bin
2006-11-17 00:19 81,920 -c--a-w c:\documents and settings\Administrator\Application Data\ezpinst.exe
2006-11-17 00:19 47,360 -c--a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2001-03-28 16:02 122,880 -c--a-w c:\windows\inf\Agfa\message.exe
2007-03-09 08:12 27,648 -csha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-08 73728]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-07-20 7090176]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-11-06 200704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-28 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-12 509784]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-11-06 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-12 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [2006-11-06 606208]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-12 22:56]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freewebportal.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\863budge.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\863budge.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 14:58:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:9b,69,52,bb,3a,af,04,5d,62,b7,a6,ca,ad,65,70,1c,45,19,20,bd,93,
79,37,7b,ad,7d,23,e1,a5,13,44,84,f7,53,f9,f0,67,9b,bd,d7,5e,17,1a,e9,06,5f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{25A785AE-3892-CA84-EA9A006458EDF41F}\{C494D2DB-9D8B-1943-CDB4B7EB0238E0C7}\{76739E62-5E8B-35F4-1BE90E5C477012C5}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d6,fb,2c,
53,74,e5,b9,90,27,48,30,94,63,e1,a1,a1,5f,83,4d,8f,d5,b4,51,49,73,f4,9a,dc,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"G2ODBCSUISDKL2GJMZO1MJ5AUG1"=hex:01,00,01,00,00,00,00,00,9d,07,c2,9d,25,58,3c,
a7,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EAE54BA3-56A0-7636-9D760FE75B19E95C}\{32AED356-A62E-B541-0C1631C471EC4552}\{622BCC28-1320-8061-75578A77CF92A31A}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d6,fb,2c,
53,74,e5,b9,90,27,48,30,94,63,e1,a1,a1,5f,83,4d,8f,d5,b4,51,49,73,f4,9a,dc,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EEC79885-4786-49D7-ED36B6E7637E50FF}\{25B171C9-78C7-18E7-FBBA7E6592C7CB70}\{6B8ADD0A-85A7-C5B5-191A2895BD30C6E1}*]
"G2ODBCSUISDKL2GJMZO1MJ5AUG1"=hex:01,00,01,00,00,00,00,00,9d,07,c2,9d,25,58,3c,
a7,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\program files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Netscape Internet Service\ncupdatesvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-14 15:07:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-14 20:07:45

Pre-Run: 7,719,391,232 bytes free
Post-Run: 7,545,827,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

277 --- E O F --- 2009-02-12 04:13:38

#15 SirRoundSound

SirRoundSound
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 14 February 2009 - 03:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:28 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 12970 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users