Got rid of Braviax, now have Brastk.exe

Fatboy_97

New member
Similar problems with this virus. Reloads itself at startup after being deleted, messes with Spybot S&D, Killbox.exe, etc. Help! Thanks in advance. Here's the HJT log per instructions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:53 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7219] command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8641] cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7794] command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1371] cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alerter AlerterRasAutoAticlr_optimization_v2.0.50727_32 (AlerterRasAutoAticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Alerter AlerterRpcSs (AlerterRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Application Management AppMgmtCiSvc (AppMgmtCiSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtCiSvc AppMgmtCiSvcFastUserSwitchingCompatibility (AppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility (AppMgmtFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman) - Unknown owner - C:\WINDOWS\
O23 - Service: ASP.NET State Service aspnet_stateLmHosts (aspnet_stateLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati HotKey Poller Aticlr_optimization_v2.0.50727_32 (Aticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller Aticlr_optimization_v2.0.50727_32 Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService (Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Audio AudioSrvRDSessMgr (AudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser Browseraspnet_stateLmHosts (Browseraspnet_stateLmHosts) - Unknown owner - .exe (file missing)
O23 - Service: Computer Browser Browserwuauserv (Browserwuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser Browserwuauserv BrowserwuauservALG (BrowserwuauservALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser Browserwuauserv BrowserwuauservW32TimeSpoolerNVSvc (BrowserwuauservW32TimeSpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: ClipBook ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc (ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32RasMan (clr_optimization_v2.0.50727_32RasMan) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppFastUserSwitchingCompatibility (COMSysAppFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppFastUserSwitchingCompatibility COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient (COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DHCP Client DhcpNetman (DhcpNetman) - Unknown owner - .exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: DNS Client Dnscachegusvc (Dnscachegusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ Event System EventSystemgusvc (EventSystemgusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ Event System EventSystemgusvc EventSystemgusvcWMPNetworkSvc (EventSystemgusvcWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcstisvc (gusvcstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Human Interface Device Access HidServaspnet_state (HidServaspnet_state) - Unknown owner - .exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsNtLmSsp (LmHostsNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Messenger MessengerRSVP (MessengerRSVP) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC (MSDTCWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart) - Unknown owner - .exe (file missing)
O23 - Service: Windows Installer MSIServerTrkWksALG (MSIServerTrkWksALG) - Unknown owner - .exe (file missing)
O23 - Service: Network DDE NetDDEclr_optimization_v2.0.50727_32 (NetDDEclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE DSDM NetDDEdsdm Smart (NetDDEdsdm Smart) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE DSDM NetDDEdsdmgusvcstisvc (NetDDEdsdmgusvcstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Connections NetmanSamSs (NetmanSamSs) - Unknown owner - .exe (file missing)
O23 - Service: Network Connections NetmanWMPNetworkSvcNtmsSvc (NetmanWMPNetworkSvcNtmsSvc) - Unknown owner - .exe (file missing)
O23 - Service: Network Location Awareness (NLA) NlaSENS (NlaSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Driver Helper Service NVSvchkmsvc (NVSvchkmsvc) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Driver Helper Service NVSvcRemoteAccess (NVSvcRemoteAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Driver Helper Service NVSvcRemoteAccess NVSvcRemoteAccessDhcpNetman (NVSvcRemoteAccessDhcpNetman) - Unknown owner - .exe (file missing)
O23 - Service: IPSEC Services PolicyAgentWebClient (PolicyAgentWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: IPSEC Services PolicyAgentWebClient PolicyAgentWebClientWmiApSrv (PolicyAgentWebClientWmiApSrv) - Unknown owner - .exe (file missing)
O23 - Service: Remote Access Auto Connection Manager RasAutoAticlr_optimization_v2.0.50727_32 (RasAutoAticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessNtLmSsp (RemoteAccessNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorRemoteAccessNtLmSsp (RpcLocatorRemoteAccessNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Smart Card SCardSvrThemes (SCardSvrThemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Secondary Logon seclogonALG (seclogonALG) - Unknown owner - .exe (file missing)
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) SharedAccessWMPNetworkSvcNtmsSvc (SharedAccessWMPNetworkSvcNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetection Service for CDROM Access (ShellHWDetection Service for CDROM Access) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT (ShellHWDetectionIDriverT) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay (ShellHWDetectionIDriverTPlugPlay) - Unknown owner - .exe (file missing)
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess (ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess) - Unknown owner - .exe (file missing)
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp (ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Print Spooler Spooler Smart (Spooler Smart) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerAudioSrvRDSessMgr (SpoolerAudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerNVSvc (SpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVEventSystem (SSDPSRVEventSystem) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVEventSystem SSDPSRVEventSystemwuauservEventlogImapiServicegusvc (SSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvSharedAccess (SwPrvSharedAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Performance Logs and Alerts SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility (SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Distributed Link Tracking Client TrkWksALG (TrkWksALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWksImapiService (TrkWksImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWkslanmanserver (TrkWkslanmanserver) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Link Tracking Client TrkWksNetmanSamSs (TrkWksNetmanSamSs) - Unknown owner - .exe (file missing)
O23 - Service: Uninterruptible Power Supply UPSAudioSrvRDSessMgr (UPSAudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Time W32TimeSpoolerNVSvc (W32TimeSpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Portable Media Serial Number Service WmdmPmSNaspnet_stateLmHosts (WmdmPmSNaspnet_stateLmHosts) - Unknown owner - .exe (file missing)
O23 - Service: WMI Performance Adapter WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility (WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: WMI Performance Adapter WmiApSrvRemoteAccessNtLmSsp (WmiApSrvRemoteAccessNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcNtmsSvc (WMPNetworkSvcNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcNtmsSvc WMPNetworkSvcNtmsSvcTermService (WMPNetworkSvcNtmsSvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcWebClient (WMPNetworkSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcWebClient WMPNetworkSvcWebClientDhcp (WMPNetworkSvcWebClientDhcp) - Unknown owner - .exe (file missing)
O23 - Service: Security Center wscsvc Service for CDROM Access (wscsvc Service for CDROM Access) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvcDhcp (wscsvcDhcp) - Unknown owner - .exe (file missing)
O23 - Service: Automatic Updates wuauservDhcp (wuauservDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog (wuauservEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog wuauservEventlogImapiService (wuauservEventlogImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog wuauservEventlogImapiService wuauservEventlogImapiServicegusvc (wuauservEventlogImapiServicegusvc) - Unknown owner - C:\WINDOWS\

--
End of file - 20366 bytes
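The O23 section of the log above is the part a responder would look at first: dozens of services with "Unknown owner", no executable on disk, and short names that are two or more real Windows XP service names glued together (Browser + wuauserv, TrkWks + ALG, and so on). The following Python script is an added example, not part of this thread or of HijackThis; it parses O23 lines and flags entries on those three signals. The list of known service names is a constructed subset typed in from a clean XP install, and the sample lines are constructed from the log above; the concatenation check is general, so it also decomposes names longer than the two-part cases the thread shows.

```python
import re
from typing import Dict, List, Optional

# Constructed subset of Windows XP service short names from a clean install.
# A real check would load the full list from a known-good reference machine.
KNOWN_SERVICES = {
    "Alerter", "ALG", "AppMgmt", "aspnet_state", "AudioSrv", "Browser", "CiSvc",
    "ClipSrv", "COMSysApp", "Dhcp", "dmadmin", "Dnscache", "Eventlog",
    "EventSystem", "FastUserSwitchingCompatibility", "gusvc", "HidServ",
    "ImapiService", "lanmanserver", "LmHosts", "Messenger", "MSDTC",
    "MSIServer", "NetDDE", "NetDDEdsdm", "Netman", "Nla", "NtLmSsp", "NtmsSvc",
    "NVSvc", "PlugPlay", "PolicyAgent", "RasAuto", "RasMan", "RDSessMgr",
    "RemoteAccess", "RpcLocator", "RpcSs", "RSVP", "SamSs", "SCardSvr",
    "seclogon", "SENS", "SharedAccess", "ShellHWDetection", "Spooler",
    "SSDPSRV", "stisvc", "SwPrv", "SysmonLog", "TermService", "Themes",
    "TrkWks", "UPS", "W32Time", "WebClient", "WmdmPmSN", "WmiApSrv",
    "WMPNetworkSvc", "wscsvc", "wuauserv", "WZCSVC",
}

O23_PREFIX = "O23 - Service: "
# HJT writes "<display name> (<short name>)"; the short name is the last
# parenthesised group, so anchor the match at the end of the name part.
NAME_RE = re.compile(r"^(?P<display>.*) \((?P<short>[^()]+)\)$")


def parse_o23(line: str) -> Optional[dict]:
    """Split one HijackThis O23 line into display name, short name, owner, path."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    parts = body.rsplit(" - ", 2)  # name part, owner, image path
    if len(parts) != 3:
        return None
    name_part, owner, path = parts
    m = NAME_RE.match(name_part)
    if m:
        display, short = m.group("display"), m.group("short")
    else:
        display = short = name_part  # some entries carry no separate short name
    return {"display": display, "short": short, "owner": owner, "path": path}


def split_known(name: str, known=KNOWN_SERVICES) -> Optional[List[str]]:
    """Return the fewest known service names whose concatenation equals `name`
    (at least two parts), or None if the name is not such a concatenation."""
    best: List[Optional[List[str]]] = [None] * (len(name) + 1)
    best[0] = []
    for i in range(1, len(name) + 1):
        for j in range(i):
            if best[j] is not None and name[j:i] in known:
                cand = best[j] + [name[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    parts = best[len(name)]
    return parts if parts is not None and len(parts) >= 2 else None


def triage_o23(lines: List[str]) -> Dict[str, List[str]]:
    """Return {service short name: [reasons]} for every O23 entry that looks
    suspicious; entries with no findings are left out."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        svc = parse_o23(line.strip())
        if svc is None:
            continue
        reasons = []
        path = svc["path"]
        # A bare directory ("C:\WINDOWS\") or "(file missing)" means no binary.
        if "(file missing)" in path or path.endswith("\\"):
            reasons.append("no service executable on disk: %s" % path)
        if svc["owner"] == "Unknown owner":
            reasons.append("binary carries no publisher information")
        parts = split_known(svc["short"])
        if parts:
            reasons.append("name is a concatenation of real services: " + " + ".join(parts))
        if reasons:
            findings[svc["short"]] = reasons
    return findings


# Constructed sample lines, patterned on the O23 section of the log above.
SAMPLE_O23 = [
    "O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
    "O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\system32\\Ati2evxx.exe",
    "O23 - Service: Computer Browser Browserwuauserv (Browserwuauserv) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: Distributed Link Tracking Client TrkWksALG (TrkWksALG) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: DHCP Client DhcpNetman (DhcpNetman) - Unknown owner - .exe (file missing)",
    "O23 - Service: ClipBook ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc (ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)",
]

if __name__ == "__main__":
    for name, reasons in triage_o23(SAMPLE_O23).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the two legitimate entries (NVSvc and the ATI poller) produce nothing, while the four fabricated-looking services are each reported with every signal that applies. A registered service whose image path is a bare directory or a missing file cannot start, so entries like these are mostly noise that hides whatever is actually persisting (here the O20 AppInit_DLLs and Winlogon Notify lines are the more interesting ones); the concatenation check is what separates "leftover junk" from "a naming pattern a single piece of malware generated in bulk".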
 
Hello & welcome :)

I am looking over your log & will return shortly with instructions.

Please do not run any removal/fixit apps till I tell you as they may interfere with our work.

Thanks

blender
 
Hello,

You remember the site that may have attacked you like this?
Or what file you ran before everything went crazy?

Something really odd going on with those services.
I want to get more info before we try fixing anything.

If anytime during our work you don't understand something.. please ask. Don't just keep going on.
And please stick with me till I give you the all clear. Even though the obvious symptoms may disappear -- that don't mean all clean.

-----------------

1.) download ERUNT from Aumha:

http://www.aumha.org/downloads/erunt-setup.exe

Follow Step 4 onwards of this site to back up your registry.

http://www.silentrunners.org/sr_eruntuse.html

Your choice whether or not to have it create a startup option that will back up registry every boot.

Please then locate this folder:
C:\windows\ERDNT <-- this one
Right click it> properties> report back size of folder contents.

2.) Please download this tool and save it to your desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Temporarily disable antimalware programs to prevent their interference with running of OTViewIt.exe
Double click OTViewIt.exe to run.
Click "run scan"
When done it will have produced 2 logs in same folder you saved OTViewit.exe to. (should be on desktop)
Please post contents of both logs. (OTViewIt.txt & Extras.txt)

Don't forget to re-enable antimalware programs when done.
I may ask for more logs and/or file samples later but the above should give us a good start.

3.) Click start> run> type msconfig and hit enter.
Click the boot.ini tab.
Checkmark ONLY /bootlog
Then hit "apply" and "close".
Don't mess with anything else in there!
Reboot when prompted.
At reboot you will get notification you used msconfig to change how windows starts.
Just check the box that says "dont tell me this again..." and OK.

Locate & delete:
C:\windows\ntbtlog.txt

Reboot

Post the new c:\windows\ntbtlog.txt

It may take a few posts to get all logs in without getting cut off.

I highly recommend you keep this machine offline while not actually working on fixes. It is most likely hammering out spam like crazy & your ISP may get upset not to mention more junk is likely getting installed.

Thanks
 
Thank you for your time Blender. Sorry, I don't know where this stuff came from; been battling it for a long time; shoulda came here first.

First of all the ERDNT file is 48.1 MB; 12 files, 4 folders.

OTViewIt.Txt as follows:
OTViewIt logfile created on: 10/28/2008 8:50:08 PM - Run
OTViewIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Dennis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 550.43 Mb Available Physical Memory | 53.78% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 54.33 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DENNIS-JIF0Z43K
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/19 14:22:21 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2002/11/11 21:59:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/04/24 16:52:22 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2002/04/11 11:47:52 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
[2001/10/16 08:08:48 | 00,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/04/24 16:52:28 | 00,259,392 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2004/02/03 14:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[2007/12/25 10:36:05 | 00,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
[2004/06/09 15:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/06/23 02:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/28 20:46:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/19 14:22:21 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/07/30 12:49:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
File not found -- -- (AlerterRasAutoAticlr_optimization_v2.0.50727_32 [Auto | Stopped])
File not found -- -- (AlerterRpcSs [Auto | Stopped])
File not found -- -- (AppMgmtCiSvc [Auto | Stopped])
File not found -- -- (AppMgmtCiSvcFastUserSwitchingCompatibility [Auto | Stopped])
File not found -- -- (AppMgmtFastUserSwitchingCompatibility [Auto | Stopped])
File not found -- -- (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService [Auto | Stopped])
File not found -- -- (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service [Auto | Stopped])
File not found -- -- (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman [Auto | Stopped])
[2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (aspnet_stateLmHosts [Auto | Stopped])
[2007/12/20 19:57:27 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
[2007/12/20 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
File not found -- -- (Aticlr_optimization_v2.0.50727_32 [Auto | Stopped])
File not found -- -- (Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService [Auto | Stopped])
File not found -- -- (AudioSrvRDSessMgr [Auto | Stopped])
File not found -- -- (Browseraspnet_stateLmHosts [Auto | Stopped])
File not found -- -- (Browserwuauserv [Auto | Stopped])
File not found -- -- (BrowserwuauservALG [Auto | Stopped])
File not found -- -- (BrowserwuauservW32TimeSpoolerNVSvc [Auto | Stopped])
File not found -- -- (ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc [Auto | Stopped])
[2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (clr_optimization_v2.0.50727_32RasMan [Auto | Stopped])
File not found -- -- (COMSysAppFastUserSwitchingCompatibility [Auto | Stopped])
File not found -- -- (COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient [Auto | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
File not found -- -- (DhcpNetman [Auto | Stopped])
File not found -- -- (dmadminEventlog [Auto | Stopped])
File not found -- -- (Dnscachegusvc [Auto | Stopped])
File not found -- -- (EventSystemgusvc [Auto | Stopped])
File not found -- -- (EventSystemgusvcWMPNetworkSvc [Auto | Stopped])
[2008/09/17 17:00:24 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
File not found -- -- (gusvcstisvc [Auto | Stopped])
File not found -- -- (HidServaspnet_state [Auto | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (LmHostsNtLmSsp [Auto | Stopped])
File not found -- -- (MessengerRSVP [Auto | Stopped])
File not found -- -- (MSDTCWZCSVC [Auto | Stopped])
File not found -- -- (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility [Auto | Stopped])
File not found -- -- (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart [Auto | Stopped])
File not found -- -- (MSIServerTrkWksALG [Auto | Stopped])
File not found -- -- (NetDDEclr_optimization_v2.0.50727_32 [Auto | Stopped])
File not found -- -- (NetDDEdsdm Smart [Auto | Stopped])
File not found -- -- (NetDDEdsdmgusvcstisvc [Auto | Stopped])
File not found -- -- (NetmanSamSs [Auto | Stopped])
File not found -- -- (NetmanWMPNetworkSvcNtmsSvc [Auto | Stopped])
File not found -- -- (NlaSENS [Auto | Stopped])
[2002/11/11 21:59:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
File not found -- -- (NVSvchkmsvc [Auto | Stopped])
File not found -- -- (NVSvcRemoteAccess [Auto | Stopped])
File not found -- -- (NVSvcRemoteAccessDhcpNetman [Auto | Stopped])
File not found -- -- (PolicyAgentWebClient [Auto | Stopped])
File not found -- -- (PolicyAgentWebClientWmiApSrv [Auto | Stopped])
File not found -- -- (RasAutoAticlr_optimization_v2.0.50727_32 [Auto | Stopped])
File not found -- -- (RemoteAccessNtLmSsp [Auto | Stopped])
File not found -- -- (RemoteAccessPolicyAgentWebClient [Auto | Stopped])
File not found -- -- (RpcLocatorRemoteAccessNtLmSsp [Auto | Stopped])
File not found -- -- (SCardSvrThemes [Auto | Stopped])
File not found -- -- (seclogonALG [Auto | Stopped])
File not found -- -- (SharedAccessWMPNetworkSvcNtmsSvc [Auto | Stopped])
File not found -- -- (ShellHWDetection Service for CDROM Access [Auto | Stopped])
File not found -- -- (ShellHWDetectionIDriverT [Auto | Stopped])
File not found -- -- (ShellHWDetectionIDriverTPlugPlay [Auto | Stopped])
File not found -- -- (ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess [Auto | Stopped])
File not found -- -- (ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp [Auto | Stopped])
File not found -- -- (Spooler Smart [Auto | Stopped])
File not found -- -- (SpoolerAudioSrvRDSessMgr [Auto | Stopped])
File not found -- -- (SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc [Auto | Stopped])
File not found -- -- (SpoolerNVSvc [Auto | Stopped])
File not found -- -- (SSDPSRVEventSystem [Auto | Stopped])
File not found -- -- (SSDPSRVEventSystemwuauservEventlogImapiServicegusvc [Auto | Stopped])
File not found -- -- (SwPrvSharedAccess [Auto | Stopped])
File not found -- -- (SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility [Auto | Stopped])
[2008/04/24 16:52:22 | 00,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire [Auto | Running])
File not found -- -- (TrkWksALG [Auto | Stopped])
File not found -- -- (TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc [Auto | Stopped])
File not found -- -- (TrkWksImapiService [Auto | Stopped])
File not found -- -- (TrkWkslanmanserver [Auto | Stopped])
File not found -- -- (TrkWksNetmanSamSs [Auto | Stopped])
File not found -- -- (UPSAudioSrvRDSessMgr [Auto | Stopped])
[2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
File not found -- -- (W32TimeSpoolerNVSvc [Auto | Stopped])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
File not found -- -- (WmdmPmSNaspnet_stateLmHosts [Auto | Stopped])
File not found -- -- (WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility [Auto | Stopped])
File not found -- -- (WmiApSrvRemoteAccessNtLmSsp [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WMPNetworkSvcNtmsSvc [Auto | Stopped])
File not found -- -- (WMPNetworkSvcNtmsSvcTermService [Auto | Stopped])
File not found -- -- (WMPNetworkSvcWebClient [Auto | Stopped])
File not found -- -- (WMPNetworkSvcWebClientDhcp [Auto | Stopped])
File not found -- -- (wscsvc Service for CDROM Access [Auto | Stopped])
File not found -- -- (wscsvcDhcp [Auto | Stopped])
File not found -- -- (wuauservDhcp [Auto | Stopped])
File not found -- -- (wuauservEventlog [Auto | Stopped])
File not found -- -- (wuauservEventlogImapiService [Auto | Stopped])
File not found -- -- (wuauservEventlogImapiServicegusvc [Auto | Stopped])
File not found -- -- (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP [Auto | Stopped])

========== Driver Services ==========

[2008/04/13 11:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75 [Auto | Running])
[2007/12/20 20:53:20 | 02,843,136 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
[2008/10/28 18:29:22 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2002/07/19 10:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2002/07/19 10:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2001/08/17 12:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2002/07/19 10:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2002/07/19 10:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2002/08/13 06:27:22 | 00,074,338 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc [On_Demand | Running])
[2002/07/19 10:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2002/07/24 13:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2002/04/11 11:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter [On_Demand | Running])
[2001/08/17 14:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2001/08/17 07:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2003/05/26 16:41:29 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2005/05/12 00:34:00 | 03,189,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2002/12/04 21:01:00 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Running])
[2002/09/22 19:37:00 | 00,080,896 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Running])
[2002/12/04 21:01:00 | 00,241,664 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
[2002/09/05 20:24:00 | 00,013,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2002/07/19 10:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2007/12/25 10:33:54 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
[2002/06/14 13:49:56 | 00,010,194 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/11/10 18:00:48 | 00,102,400 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (Si3112r [Boot | Running])
[2004/11/01 12:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2005/03/24 18:21:22 | 00,038,937 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2008/04/24 16:52:38 | 00,051,520 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
[2008/04/24 16:52:42 | 00,033,088 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
[2008/04/24 16:52:44 | 00,038,208 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
[2003/12/22 10:28:18 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2008/10/28 18:33:13 | 00,031,104 | ---- | M] () -- C:\WINDOWS\system32\drivers\Windi26.sys -- (Windi26 [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com
"Default_Search_URL"=http://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"nForce Tray Options"=sstray.exe /r (NVIDIA Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"OneTouch Monitor"=C:\PROGRA~1\VISION~1\ONETOU~2.EXE (Visioneer Inc)
"POINTER"=point32.exe File not found
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe (PC Tools)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/12/25 10:36:05 | 00,028,672 | ---- | M] (DataViz, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
[2004/06/09 15:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=_ [binary data]
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=_ [binary data]
"NoSaveSettings"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoVisualStyleChoice"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}: Button: Spyware Doctor -- Reg Error: Key does not exist or could not be opened. File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [2004/02/03 14:41:46 | 00,131,155 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [2004/02/03 14:41:46 | 00,131,155 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Spyware Doctor] -> File not found
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite] -> [2004/02/03 14:41:46 | 00,131,155 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite...] -> [2004/02/03 14:41:46 | 00,131,155 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\free: http in Local intranet
24 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{49E67060-2C0D-415E-94C7-52A49F73B2F1}: http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab -- CPlayFirstPiratePoppersControl Object
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://zone.msn.com/bingame/luxr/default/mjolauncher.cab -- MJLauncherCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab -- MSN Games - Installer
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab -- CPlayFirstddfotgControl Object
{C86FF4B0-AA1D-46D4-8612-025FB86583C7}: http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10 -- AstoundLauncher Control
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab -- Oberon Flash Game Host
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}: http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab -- CPlayFirstDinerDashControl Object
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}: http://zone.msn.com/bingame/popcaploader_v10.cab -- PopCapLoader Object
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7}: http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll -- PCPitstop Exam
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0E43E730-3392-4C45-9E3A-62EAB853F739} (Servers: | Description: )
{184F51D8-B677-4C90-BB26-B5742A2D291D} (Servers: | Description: 1394 Net Adapter)
{357A4C7C-B510-48F5-BAAB-0A2FF5B437DC} (Servers: | Description: NVIDIA nForce MCP Networking Adapter)
{B2F7C348-34D7-4FD3-9785-055445281557} (Servers: | Description: 3Com 3C920B-EMB Integrated Fast Ethernet Controller)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=karna.datesheet
>[2008/10/28 18:31:29 | 00,006,144 | ---- | M] () -- C:\WINDOWS\system32\karna.dat

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WinCtrl32: "DllName" = WinCtrl32.dll -- C:\WINDOWS\system32\WinCtrl32.dll ()

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
>[2001/09/18 18:37:34 | 00,016,973 | ---- | M] () -- C:\WINDOWS\system32\ZWebAuth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/05/08 11:53:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/10/28 20:46:50 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe
[2008/10/28 20:43:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/28 20:41:53 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\ERUNT.lnk
[2008/10/28 20:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/28 20:38:33 | 00,149,837 | ---- | C] () -- C:\Documents and Settings\Dennis\My Documents\ERUNT Use.pdf
[2008/10/28 20:33:02 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dennis\Desktop\erunt-setup.exe
[2008/10/28 18:33:12 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dl_
[2008/10/28 18:31:29 | 00,009,728 | ---- | C] () -- C:\WINDOWS\brastk.exe
[2008/10/28 18:29:57 | 00,000,132 | ---- | C] () -- C:\WINDOWS\System32\delself.bat
[2008/10/27 21:17:27 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\HijackThis.lnk
[2008/10/27 21:16:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dennis\Desktop\HJTInstall.exe
[2008/10/27 20:10:44 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2008/10/24 23:23:38 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2008/10/24 23:23:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2008/10/24 22:36:52 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\brastk.exe
[2008/10/24 22:34:21 | 00,000,000 | ---D | C] -- C:\New Folder
[2008/10/24 22:28:02 | 00,000,000 | ---D | C] -- C:\backups
[2008/10/18 17:57:16 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2008/10/18 17:57:10 | 00,051,520 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2008/10/18 17:57:10 | 00,038,208 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2008/10/18 17:57:10 | 00,033,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2008/10/18 17:57:10 | 00,012,608 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2008/10/18 17:57:10 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2008/10/18 17:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/10/06 23:34:21 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\453.exe
[2008/10/06 22:19:37 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\312.exe
[2008/10/06 22:10:11 | 00,065,428 | ---- | C] () -- C:\WINDOWS\System32\wini10541.exe
[2008/10/06 22:09:24 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\karna.dat
[2008/10/06 22:09:24 | 00,006,144 | ---- | C] () -- C:\WINDOWS\karna.dat
[2008/10/03 07:39:03 | 00,184,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\531.exe
[2008/10/03 07:39:01 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\703.exe
[2008/10/03 00:40:33 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\796.exe
[2008/10/02 22:50:02 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\890.exe
[2008/10/02 22:37:50 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\828.exe
[2008/10/02 22:37:47 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\921.exe
[2008/10/01 18:12:41 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\109.exe
[2008/09/30 18:34:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\953.exe
[2008/09/30 18:34:29 | 00,185,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\437.exe
[2008/09/29 19:38:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\765.exe

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/28 20:46:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe
[2008/10/28 20:41:53 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\ERUNT.lnk
[2008/10/28 20:41:01 | 54,112,602 | -HS- | M] () -- C:\WINDOWS\System32\Adobeh.sys
[2008/10/28 20:38:33 | 00,149,837 | ---- | M] () -- C:\Documents and Settings\Dennis\My Documents\ERUNT Use.pdf
[2008/10/28 20:33:06 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dennis\Desktop\erunt-setup.exe
[2008/10/28 20:18:46 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/28 18:35:30 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41111FB6-E87B-4712-9635-90034B0CC9F3}.job
[2008/10/28 18:33:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2008/10/28 18:33:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13i.sys
[2008/10/28 18:33:13 | 00,031,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\Windi26.sys
[2008/10/28 18:33:12 | 00,015,360 | ---- | M] () -- C:\WINDOWS\System32\WinCtrl32.dl_
[2008/10/28 18:31:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/28 18:31:33 | 00,015,360 | ---- | M] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2008/10/28 18:31:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/28 18:31:29 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\brastk.exe
[2008/10/28 18:31:29 | 00,009,728 | ---- | M] () -- C:\WINDOWS\brastk.exe
[2008/10/28 18:31:29 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\karna.dat
[2008/10/28 18:31:29 | 00,006,144 | ---- | M] () -- C:\WINDOWS\karna.dat
[2008/10/28 18:30:33 | 00,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/10/28 18:30:33 | 00,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/10/28 18:30:33 | 00,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/10/28 18:30:33 | 00,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/10/28 18:30:33 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/28 18:30:33 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/28 18:30:33 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat
[2008/10/28 18:30:33 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat
[2008/10/28 18:29:57 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\delself.bat
[2008/10/28 18:29:22 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2008/10/28 00:25:08 | 10,815,0784 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/10/27 23:20:03 | 03,384,453 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80651102}.CDF
[2008/10/27 23:19:46 | 03,384,327 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80651102}.BAK
[2008/10/27 21:17:27 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\HijackThis.lnk
[2008/10/27 21:16:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dennis\Desktop\HJTInstall.exe
[2008/10/27 21:12:20 | 00,000,563 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/27 20:41:00 | 00,000,323 | --S- | M] () -- C:\WINDOWS\System32\2455993257.dat
[2008/10/27 19:04:25 | 00,000,140 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2008/10/20 17:13:19 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/10/19 15:33:49 | 00,001,111 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/19 13:37:41 | 00,000,225 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/18 17:57:16 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2008/10/06 23:34:27 | 00,065,428 | ---- | M] () -- C:\WINDOWS\System32\wini10541.exe
[2008/10/06 23:34:21 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\453.exe
[2008/10/06 23:31:30 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\703.exe
[2008/10/06 22:19:37 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\312.exe
[2008/10/06 22:15:36 | 00,199,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\734.exe
[2008/10/06 22:06:37 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\921.exe
[2008/10/03 07:39:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/03 07:39:19 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2008/10/03 07:39:03 | 00,184,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\531.exe
[2008/10/03 03:47:35 | 00,186,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\125.exe
[2008/10/03 00:40:33 | 00,186,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\796.exe
[2008/10/03 00:40:31 | 00,185,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\437.exe
[2008/10/02 22:50:02 | 00,186,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\890.exe
[2008/10/02 22:43:44 | 00,199,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\578.exe
[2008/10/02 22:37:50 | 00,186,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\828.exe
[2008/10/02 22:35:56 | 04,321,192 | -H-- | M] () -- C:\Documents and Settings\Dennis\Local Settings\Application Data\IconCache.db
[2008/10/02 19:04:07 | 06,619,752 | ---- | M] () -- C:\QDATA02.QDF
[2008/10/02 19:04:07 | 01,238,016 | ---- | M] () -- C:\QDATA02.QEL
[2008/10/01 18:12:41 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\109.exe
[2008/09/30 18:34:32 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\953.exe
[2008/09/29 19:38:05 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\765.exe
[2008/09/29 02:12:11 | 00,199,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\906.exe
< End of report >

Couldn't fit both on one reply, so here's the Extras.Txt:

OTViewIt Extras logfile created on: 10/28/2008 8:50:08 PM - Run
OTViewIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Dennis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 550.43 Mb Available Physical Memory | 53.78% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 54.33 Gb Free Space | 71.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DENNIS-JIF0Z43K
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\NovaLogic\Joint Operations Demo\jodemo.exe:*:Enabled:jodemo
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHD.EXE:*:Enabled:DFBHD
[2008/06/23 02:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\DFPinger\DFBHDPinger\DFBHDPinger.exe:*:Enabled:DFBHDPinger
File not found -- C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\update.exe:*:Enabled:update
File not found -- D:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Enabled:prism3d
[2008/04/13 17:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\Black Operations Mod.exe:*:Enabled:Black Operations Mod
File not found -- C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe:*:Enabled:Jointops
File not found -- C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE:*:Enabled:UPDATE
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
[2004/02/03 14:42:04 | 00,962,642 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application
[2004/02/03 14:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/08/16 11:23:52 | 00,850,944 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Dennis\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient
[2007/09/27 14:18:36 | 01,400,832 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Dennis\Local Settings\Application Data\Abacast\Abaclient2.exe:*:Disabled:Abaclient
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
ipp: [HKLM - No CLSID value]
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2004/02/03 14:43:36 | 00,077,903 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\AATP.DLL (mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} (HKLM) [mctp: Asynchronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Disc 2
"{03CDDD00-BD57-4326-9480-4C74449AF597}"=PhotoStitch
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}"=Camera Window
"{0C8EE4CE-981E-4E7C-A2B5-2EA68A645589}"=D4100_Help
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}"=Quicken 2007
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}"=Microsoft IntelliPoint 4.1
"{20B8FD81-A71D-42ea-B887-07A616069E63}"=D4100
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}"=hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{49140327-BEBF-43dd-B386-43311A065609}"=hph_ProductContext
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{4F6DED87-B0E2-462F-A4FE-7DAE4A2CB774}"=Joint Operations: Typhoon Rising - Demo
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5CE42363-EC4B-4D0D-A27B-9B48F253E556}"=LimeWire
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{702F1CE2-2751-4E8A-AB2D-53262AE0EF05}"=ATI Catalyst Control Center
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142100}"=Java 2 Runtime Environment, SE v1.4.2_10
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{81935798-5D0C-4892-832E-630E6CC07EAF}"=Morrowind
"{8245C111-D83F-4C66-BBC6-2424F6116944}"=TES Construction Set
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}"=Microsoft Visual C Runtime
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}"=Rhapsody Player Engine
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}"=Sound Blaster Live!
"{911A0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Outlook 2002
"{9D404F8F-05A1-4734-9550-6EC2FEE916B8}"=HP Photosmart and Deskjet 7.0 Software
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}"=ArcSoft Camera Suite
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}"=Palm
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}"=ViewSonic Monitor Drivers
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}"=HPSSupply
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}"=hph_software_req
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}"=RemoteCapture 2.7.0
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}"=Canon Utilities ZoomBrowser EX
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD-Maker
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}"=hph_software
"{DB093244-7D79-4384-0081-633D3B2C1244}"=LOTR The Return of the King (tm) Demo
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}"=Documents To Go
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}"=File Viewer Utility 1.2
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F445476A-42DE-11D4-80D0-00C04F2750A6}"=Epocrates Essentials
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1"=ThreatFire 3.5
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 5.0 Limited Edition"=Adobe Photoshop 5.0 Limited Edition
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ASUS Probe V2.19.07"=ASUS Probe V2.19.07
"ATI Display Driver"=ATI Display Driver
"Charter"=Charter Pipeline Professor
"Creative PlayCenter 2.0"=Creative PlayCenter
"DIG Game Manager"=DIG Game Manager
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"ERUNT_is1"=ERUNT 1.1j
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}"=Canon Camera Window for ZoomBrowser EX
"InstallShield_{5CE42363-EC4B-4D0D-A27B-9B48F253E556}"=LimeWire
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}"=Canon Utilities RemoteCapture 2.7
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD-Maker 6 Platinum
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}"=Canon Utilities File Viewer Utility 1.2
"JRE 1.3.1_04"=Java 2 Runtime Environment Standard Edition v1.3.1_04
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft Internet Gaming Zone"=MSN Gaming Zone
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MSN Toolbar"=MSN Toolbar
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"NVIDIAnForce"=NVIDIA Windows 2000/XP nForce Drivers
"OneTouch Version 3.0"=OneTouch Version 3.0
"PaperPort 7.02"=PaperPort 7.02
"PhotoRecord"=Canon PhotoRecord
"QuickTime"=QuickTime
"Shockwave"=Shockwave
"Shop for HP Supplies"=Shop for HP Supplies
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.3
"SSUtils"=NVIDIA nForce Utilities
"Support.com"=Support.com Software
"Windows CE Services"=Microsoft ActiveSync 3.7
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client"=Abacast Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2008 9:00:18 PM | Computer Name = DENNIS-JIF0Z43K | Source = Application Error | ID = 1000
Description = Faulting application set31.tmp, version 9.1.0.429, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/24/2008 9:00:28 PM | Computer Name = DENNIS-JIF0Z43K | Source = Application Error | ID = 1000
Description = Faulting application set33.tmp, version 9.1.0.429, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/25/2008 2:35:23 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Error | ID = 1000
Description = Faulting application TFService.exe, version 3.8.4.24, faulting module
unknown, version 0.0.0.0, fault address 0x00eaa714.

Error - 10/25/2008 2:37:01 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:40:21 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:41:11 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:41:23 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:41:31 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:41:38 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2008 2:41:42 AM | Computer Name = DENNIS-JIF0Z43K | Source = Application Hang | ID = 1002
Description = Hanging application TFGui.exe, version 3.8.4.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/28/2008 12:14:56 AM | Computer Name = DENNIS-JIF0Z43K | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/28/2008 2:41:57 AM | Computer Name = DENNIS-JIF0Z43K | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/28/2008 2:41:58 AM | Computer Name = DENNIS-JIF0Z43K | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/28/2008 2:42:00 AM | Computer Name = DENNIS-JIF0Z43K | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/28/2008 2:49:24 AM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/28/2008 3:04:57 AM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/28/2008 3:25:32 AM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/28/2008 3:34:51 AM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/28/2008 9:27:43 PM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 10/28/2008 9:32:00 PM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >
Thanks again for your support.
 
And last, but not least, the contents of the ntbtlog.txt:

Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Service Pack 310 28 2008 21:23:23.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver si3112r.sys
Loaded driver \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver Windi26.sys
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver SiWinAcc.sys
Loaded driver TfFsMon.sys
Loaded driver TfSysMon.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver nv_agp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\amdk7.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\NVENET.sys
Loaded driver \SystemRoot\system32\drivers\nvax.sys
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\System32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\gameenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\DRIVERS\NTIDrvr.sys
Loaded driver \SystemRoot\System32\DRIVERS\el90Xbc5.SYS
Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\IPFilter.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\Drivers\TfKbMon.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\drivers\msmpu401.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\nvapu.sys
Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys
Loaded driver \SystemRoot\System32\drivers\ctac32k.sys
Loaded driver \SystemRoot\System32\drivers\emupia2k.sys
Loaded driver \SystemRoot\System32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\aslm75.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\System32\PfModNT.sys
Loaded driver \SystemRoot\System32\DRIVERS\secdrv.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\TfNetMon.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
 
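As an added example that is not part of this thread or of OTViewIt itself: a small Python triage script that parses file entries in the `[date | size | attrs | M] (publisher) -- path` format shown in the log above and flags the pattern visible there, namely executables with no publisher information, purely numeric names, and `.exe` files sitting in a `drivers` directory where only `.sys` files are expected. It also groups flagged files by identical size, since several differently named files of exactly the same size usually mean one dropped payload being re-written under new names. The sample lines are copied from the log above plus one Microsoft-signed entry for contrast; the regex, the `Entry` fields and the heuristics are my assumptions about the format, not OldTimer's code.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: entries copied from the OTViewIt file list in this
# thread, plus one benign Microsoft-signed file so a clean entry is present.
SAMPLE_LOG = r"""
[2008/10/06 23:34:21 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\453.exe
[2008/10/06 23:31:30 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\703.exe
[2008/10/06 22:15:36 | 00,199,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\734.exe
[2008/10/03 07:39:19 | 00,000,194 | -HS- | M] () -- C:\boot.ini
[2008/10/02 22:35:56 | 04,321,192 | -H-- | M] () -- C:\Documents and Settings\Dennis\Local Settings\Application Data\IconCache.db
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe
"""

# Assumed layout of one OTViewIt file entry (timestamp | size | attrs | flag).
ENTRY_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+?)\s*$'
)

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com')


@dataclass
class Entry:
    timestamp: datetime
    size: int          # bytes, with the thousands separators removed
    attrs: str         # e.g. "-HS-" for hidden + system
    publisher: str     # empty when the file carries no version information
    path: str


def parse_entry(line):
    """Return an Entry for one log line, or None if the line is not a file entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m['ts'], '%Y/%m/%d %H:%M:%S'),
        size=int(m['size'].replace(',', '')),
        attrs=m['attrs'],
        publisher=m['publisher'],
        path=m['path'],
    )


def suspicious_reasons(e):
    """Heuristics (my assumptions) for why a file entry deserves a closer look."""
    reasons = []
    parts = e.path.lower().replace('/', '\\').split('\\')
    name = parts[-1]
    stem = name.rpartition('.')[0]
    is_exec = name.endswith(EXEC_EXT)
    if is_exec and not e.publisher:
        reasons.append('executable with no publisher/version info')
    if name.endswith('.exe') and 'drivers' in parts[:-1]:
        reasons.append('.exe in a drivers directory (expected .sys)')
    if is_exec and stem.isdigit():
        reasons.append('purely numeric file name')
    return reasons


def triage(log_text):
    """Map each flagged path to the list of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


def size_clusters(log_text):
    """Sizes shared by two or more flagged files: likely the same payload renamed."""
    by_size = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and suspicious_reasons(e):
            by_size.setdefault(e.size, []).append(e.path)
    return {s: paths for s, paths in by_size.items() if len(paths) > 1}


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, '->', '; '.join(reasons))
    for size, paths in size_clusters(SAMPLE_LOG).items():
        print(f'{size} bytes shared by {len(paths)} flagged files')
```

Run it against a full OTViewIt report saved to disk by replacing `SAMPLE_LOG` with the file's contents; the heuristics are deliberately narrow, so a clean machine should produce an empty result and anything it does print is worth submitting for analysis rather than deleting by hand.
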
Hi,

Thanks for the logs.
Thanks also for reporting erdnt folder size. Good deal.

At least one of your system files is infected and partly responsible for re-downloading a lot of the junk.
It was a real treat by malware creators to create a blank copy in dllcache. :sad:

You have at least one trojan, most likely spamming like mad.
A few others I don't know what they are yet, and I will try and gather samples next round after this if the tool we are going to use next does not catch them.
Combofix should also find a good copy of the system file to replace the infected one.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let me know how system is running.
There will most likely be more work to do.

Thanks :)
 
Ran into a big snag. Downloaded combofix.exe, but it won't let me run it. When I double click the shortcut on the desktop or combofix.exe in the desktop folder it opens the "publisher could not be verified...... are you sure you want to run this software?" I click "run" and this pops up: "This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel."

On a side note when I started the computer up and before I disabled Tea timer, Threatfire, etc., before I downloaded combofix.exe, the Tea timer came up with about 20 different changes happening one after another. I did not allow any changes, but I am wondering if one of these is the cause of Combofix.exe not wanting to run? Help!?!

Thanks, Dennis
 
Found the resident.log for TeaTimer. Hope this is some help.

9/12/2008 1:37:06 AM Denied value "braviax" (new data: "") deleted in System Startup user entry!
9/12/2008 1:37:24 AM Denied value "MRT" (new data: ""C:\WINDOWS\system32\MRT.exe" /R") added in System Startup global entry!
9/12/2008 1:37:36 AM Denied value "braviax" (new data: "") deleted in System Startup global entry!
9/12/2008 1:43:23 AM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
9/12/2008 1:46:49 AM Denied value "Start Page" (new data: "about:blank") changed in Browser page!
9/12/2008 1:50:50 AM Allowed value "Start Page" (new data: "http://www.msn.com/") changed in Browser page!
9/12/2008 1:56:45 AM Allowed value "NWEReboot" (new data: "") deleted in System Startup global entry!
9/12/2008 1:57:03 AM Allowed value "NWEReboot" (new data: "") added in System Startup global entry!
9/12/2008 2:08:14 AM Allowed value "NWEReboot" (new data: "") deleted in System Startup global entry!
9/12/2008 2:09:06 AM Denied value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
9/12/2008 2:19:37 AM Allowed value "braviax" (new data: "") deleted in System Startup user entry!
9/12/2008 2:23:26 AM Denied value "braviax" (new data: "C:\WINDOWS\system32\braviax.exe") added in System Startup user entry!
9/12/2008 2:23:35 AM Denied value "NWEReboot" (new data: "") added in System Startup global entry!
9/12/2008 2:59:39 AM Denied value "ISTray" (new data: ""C:\Program Files\Spyware Doctor\pctsTray.exe"") added in System Startup global entry!
9/14/2008 10:34:18 AM Allowed value "ISTray" (new data: "") deleted in System Startup global entry!
9/16/2008 7:59:52 PM Allowed (based on user decision) value "WinCtrl32" (new data: "") deleted in Winlogon Notifiers!
9/16/2008 8:00:44 PM Allowed (based on user decision) value "SpybotDeletingB2896" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/16/2008 8:01:05 PM Allowed (based on user decision) value "SpybotDeletingD1203" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/16/2008 8:01:16 PM Allowed (based on user decision) value "SpybotDeletingA2136" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/16/2008 8:01:29 PM Allowed (based on user decision) value "SpybotDeletingC4334" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/16/2008 8:01:44 PM Allowed (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/16/2008 8:23:13 PM Denied (based on user decision) value "SpybotDeletingB7962" (new data: "command /c del "C:\WINDOWS\system32\phc9g6j0e9fj.bmp"") added in System Startup user entry!
9/16/2008 8:23:18 PM Denied (based on user decision) value "SpybotDeletingD8752" (new data: "cmd /c del "C:\WINDOWS\system32\phc9g6j0e9fj.bmp"") added in System Startup user entry!
9/16/2008 8:23:23 PM Denied (based on user decision) value "SpybotDeletingB1280" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll"") added in System Startup user entry!
9/16/2008 8:23:27 PM Denied (based on user decision) value "SpybotDeletingD2756" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll"") added in System Startup user entry!
9/16/2008 8:23:32 PM Denied (based on user decision) value "SpybotDeletingA6358" (new data: "command /c del "C:\WINDOWS\system32\phc9g6j0e9fj.bmp"") added in System Startup global entry!
9/16/2008 8:23:37 PM Denied (based on user decision) value "SpybotDeletingC8315" (new data: "cmd /c del "C:\WINDOWS\system32\phc9g6j0e9fj.bmp"") added in System Startup global entry!
9/16/2008 8:23:39 PM Denied (based on user decision) value "SpybotDeletingA6489" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll"") added in System Startup global entry!
9/16/2008 8:23:41 PM Denied (based on user decision) value "SpybotDeletingC6243" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll"") added in System Startup global entry!
9/16/2008 8:26:37 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/16/2008 8:26:39 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/16/2008 8:26:40 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/16/2008 8:26:41 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/16/2008 8:31:18 PM Allowed (based on user decision) value "Start Page" (new data: "about:blank") changed in Browser page!
9/16/2008 8:32:00 PM Allowed (based on user decision) value "Start Page" (new data: "http://www.msn.com/") changed in Browser page!
9/16/2008 9:25:25 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/16/2008 9:25:32 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/16/2008 9:25:33 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/16/2008 9:25:34 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 12:11:41 AM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 12:11:43 AM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 12:11:44 AM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 12:11:45 AM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 12:57:24 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\ssstars.scr") changed in Desktop settings!
9/17/2008 12:58:54 AM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 12:58:55 AM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 12:58:55 AM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 12:58:56 AM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 12:59:20 AM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/17/2008 1:05:27 AM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 1:05:29 AM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 1:05:31 AM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 1:05:32 AM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 1:05:41 AM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/17/2008 1:43:33 AM Denied (based on user decision) value "SpybotDeletingB8202" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/17/2008 1:43:36 AM Denied (based on user decision) value "SpybotDeletingD5947" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/17/2008 1:43:37 AM Denied (based on user decision) value "SpybotDeletingA1967" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/17/2008 1:43:38 AM Denied (based on user decision) value "SpybotDeletingC7752" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/17/2008 1:46:08 AM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 1:46:12 AM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 1:46:13 AM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 1:46:14 AM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 1:46:24 AM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/17/2008 8:24:23 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 8:24:28 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 8:24:28 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 8:24:31 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 8:24:51 PM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/17/2008 10:11:06 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 10:11:08 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 10:11:09 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 10:11:10 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/17/2008 11:31:44 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/17/2008 11:31:47 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/17/2008 11:31:50 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/17/2008 11:31:52 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/19/2008 6:29:00 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/19/2008 6:29:05 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/19/2008 6:29:06 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/19/2008 6:29:08 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/19/2008 7:41:19 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/19/2008 7:41:20 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/19/2008 7:41:22 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/19/2008 7:41:22 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/19/2008 7:46:58 PM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\System32\ssstars.scr") changed in Desktop settings!
9/19/2008 8:03:51 PM Denied (based on user decision) value "SpybotDeletingB9505" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/19/2008 8:03:52 PM Denied (based on user decision) value "SpybotDeletingD1290" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/19/2008 8:03:53 PM Denied (based on user decision) value "SpybotDeletingA3649" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/19/2008 8:03:54 PM Denied (based on user decision) value "SpybotDeletingC2274" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/19/2008 10:30:06 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/19/2008 10:30:13 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/19/2008 10:30:17 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/19/2008 10:30:18 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/19/2008 10:30:40 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/19/2008 11:00:27 PM Denied (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/19/2008 11:00:28 PM Denied (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/19/2008 11:00:30 PM Denied (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/19/2008 11:00:45 PM Denied (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/19/2008 11:13:55 PM Allowed (based on user decision) value "SpybotDeletingB2896" (new data: "") deleted in System Startup user entry!
9/19/2008 11:14:01 PM Allowed (based on user decision) value "SpybotDeletingD1203" (new data: "") deleted in System Startup user entry!
9/19/2008 11:14:08 PM Allowed (based on user decision) value "SpybotDeletingA2136" (new data: "") deleted in System Startup global entry!
9/19/2008 11:14:18 PM Allowed (based on user decision) value "SpybotDeletingC4334" (new data: "") deleted in System Startup global entry!
9/20/2008 1:46:38 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/20/2008 3:00:00 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/23/2008 9:25:45 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/23/2008 11:30:02 PM Denied (based on user decision) value "swg" (new data: "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe") added in System Startup user entry!
9/24/2008 7:41:47 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/25/2008 5:37:23 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/25/2008 6:53:11 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/25/2008 8:53:45 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
9/26/2008 9:02:11 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
sprecovr \SystemRoot\sprecovr.txt
") changed in Session manager!
9/26/2008 9:09:05 PM Allowed (based on user decision) value "TSClientMSIUninstaller" (new data: "cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"") added in System Startup user entry!
9/26/2008 9:09:35 PM Allowed (based on user decision) value "TSClientAXDisabler" (new data: "cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"") added in System Startup user entry!
9/26/2008 9:09:53 PM Allowed (based on user decision) value "dimsntfy" (new data: "") added in Winlogon Notifiers!
9/26/2008 9:10:24 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") changed in Session manager!
9/26/2008 10:19:25 PM Denied (based on user decision) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/26/2008 10:19:36 PM Denied (based on user decision) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/26/2008 10:19:36 PM Allowed (based on lassh blacklist) value "{7E853D72-626A-48EC-A868-BA8D5E23E045}" (new data: "") added in Browser Helper Object!
9/26/2008 10:38:58 PM Denied (based on user decision) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/26/2008 10:39:05 PM Denied (based on user decision) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/26/2008 11:32:57 PM Allowed (based on user decision) value "WinCtrl32" (new data: "") deleted in Winlogon Notifiers!
9/26/2008 11:33:19 PM Denied (based on user decision) value "SpybotDeletingB2860" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/26/2008 11:33:24 PM Denied (based on user decision) value "SpybotDeletingD5243" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
9/26/2008 11:33:39 PM Denied (based on user decision) value "SpybotDeletingA4756" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/26/2008 11:33:47 PM Denied (based on user decision) value "SpybotDeletingC1256" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
9/26/2008 11:33:50 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:34:27 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:34:36 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:35:17 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:35:32 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:37:03 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:37:13 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/26/2008 11:37:21 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:05:55 AM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:06:02 AM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:06:13 AM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:06:25 AM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:06:34 AM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/27/2008 12:06:52 AM Allowed (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
9/28/2008 9:43:31 AM Denied (based on user decision) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/28/2008 9:43:32 AM Denied (based on user decision) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 12:36:59 AM Denied (based on user decision) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/29/2008 12:37:02 AM Denied (based on user decision) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 12:44:16 AM Allowed (based on user decision) value "lphc9g6j0e9fj" (new data: "") deleted in System Startup global entry!
9/29/2008 12:44:25 AM Allowed (based on lassh blacklist) value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
9/29/2008 12:49:13 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/29/2008 12:49:17 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 12:49:46 AM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
9/29/2008 12:51:30 AM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssstars.scr") changed in Desktop settings!
9/29/2008 2:09:00 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/29/2008 2:09:17 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 2:12:59 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/29/2008 2:12:59 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 2:13:13 AM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
9/29/2008 7:38:36 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/29/2008 7:38:37 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/29/2008 7:38:53 PM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
9/30/2008 9:11:18 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
9/30/2008 9:11:19 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
9/30/2008 9:11:26 PM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/2/2008 6:38:16 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/2/2008 6:38:16 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/2/2008 6:38:24 PM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/2/2008 6:38:38 PM Denied (based on user decision) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\blphc9g6j0e9fj.scr") changed in Desktop settings!
10/2/2008 10:35:39 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/2/2008 10:35:43 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/2/2008 10:38:33 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/2/2008 10:38:33 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/2/2008 10:38:44 PM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/2/2008 10:42:09 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/2/2008 10:42:21 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/2/2008 10:50:14 PM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/3/2008 12:40:57 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/3/2008 12:40:57 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/3/2008 12:41:04 AM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/3/2008 3:42:52 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/3/2008 3:42:59 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/3/2008 3:47:42 AM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/3/2008 7:39:21 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/3/2008 7:39:21 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/3/2008 7:39:28 AM Denied (based on user decision) value "lphc9g6j0e9fj" (new data: "C:\WINDOWS\system32\lphc9g6j0e9fj.exe") added in System Startup global entry!
10/3/2008 7:39:28 AM Allowed (based on lassh blacklist) value "MSConfig" (new data: "") deleted in System Startup global entry!
10/4/2008 10:23:35 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/4/2008 10:23:35 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/4/2008 12:14:05 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/4/2008 12:14:06 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/5/2008 1:01:30 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/5/2008 1:01:30 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/5/2008 3:06:10 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/5/2008 3:06:10 AM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/5/2008 3:32:42 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/5/2008 3:32:42 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/6/2008 10:10:42 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/6/2008 10:10:42 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/6/2008 10:10:43 PM Denied (based on Spybot-S&D scan) value "braviax" (new data: "C:\WINDOWS\system32\braviax.exe") added in System Startup global entry!
10/6/2008 10:10:50 PM Encountered and terminated Fraud.AntiMalwares in C:\WINDOWS\system32\braviax.exe!
10/6/2008 10:12:16 PM Denied (based on user decision) value "Start Page" (new data: "http://www.google.com") changed in Browser page!
10/6/2008 10:13:47 PM Denied (based on Spybot-S&D scan) value "braviax" (new data: "C:\WINDOWS\system32\braviax.exe") added in System Startup global entry!
10/6/2008 10:59:15 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/6/2008 10:59:15 PM Denied (based on user blacklist) value "TSClientAXDisabler" (new data: "") deleted in System Startup user entry!
10/6/2008 10:59:35 PM Denied (based on user decision) value "braviax" (new data: "C:\WINDOWS\system32\braviax.exe") added in System Startup global entry!
10/6/2008 10:59:39 PM Denied (based on user decision) value "Start Page" (new data: "http://www.google.com") changed in Browser page!
10/6/2008 11:34:35 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/6/2008 11:55:30 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/6/2008 11:55:30 PM Denied (based on user blacklist) value "braviax" (new data: "C:\WINDOWS\system32\braviax.exe") added in System Startup global entry!
10/6/2008 11:55:34 PM Denied (based on user decision) value "Start Page" (new data: "http://www.google.com") changed in Browser page!
10/7/2008 12:17:54 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/7/2008 12:17:58 AM Denied (based on user decision) value "Start Page" (new data: "http://www.google.com") changed in Browser page!
10/22/2008 8:53:48 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/22/2008 8:54:22 PM Allowed (based on user decision) value "ThreatFire" (new data: "C:\Program Files\ThreatFire\TFTray.exe") added in System Startup global entry!
10/22/2008 8:54:42 PM Denied (based on user decision) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/24/2008 5:58:46 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/24/2008 5:58:47 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/24/2008 8:51:46 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/24/2008 8:55:27 PM Denied (based on user decision) value "FlashPlayerUpdate" (new data: "C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe") added in System Startup user entry!
10/24/2008 10:37:53 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/24/2008 10:37:54 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/24/2008 10:51:46 PM Allowed (based on user decision) value "Spybot - Search & Destroy" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!
10/24/2008 11:26:29 PM Allowed (based on user decision) value "WinCtrl32" (new data: "") deleted in Winlogon Notifiers!
10/24/2008 11:26:48 PM Denied (based on user decision) value "SpybotDeletingB5548" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
10/24/2008 11:26:52 PM Denied (based on user decision) value "SpybotDeletingD6004" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup user entry!
10/24/2008 11:26:55 PM Denied (based on user decision) value "SpybotDeletingA1143" (new data: "command /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
10/24/2008 11:26:58 PM Denied (based on user decision) value "SpybotDeletingC9689" (new data: "cmd /c del "C:\WINDOWS\system32\WinCtrl32.dll_old"") added in System Startup global entry!
10/24/2008 11:27:03 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:27:23 PM Denied (based on user decision) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:27:32 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:27:42 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:27:52 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:02 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:12 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:22 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:32 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:42 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:28:52 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:01 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:11 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:21 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:35 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:42 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:29:52 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:02 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:12 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:22 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:32 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:42 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:30:52 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:31:02 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:31:13 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:31:22 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:31:33 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:31:47 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:05 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:12 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:23 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:32 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:44 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:32:53 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:02 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:12 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:23 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:33 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:43 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:33:52 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:03 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:13 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:22 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:33 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:42 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:34:53 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:35:02 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:35:20 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:35:30 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:35:41 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:35:50 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:36:11 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:36:21 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:36:32 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:36:48 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:01 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:09 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:19 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:29 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:39 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:49 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:37:59 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:38:09 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:38:19 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:38:29 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:38:39 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:38:49 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:00 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:10 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:20 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:30 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:40 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:49 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:39:59 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:09 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:23 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:30 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:40 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:50 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:40:59 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:41:13 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:41:24 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:41:38 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:41:49 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:41:59 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:42:09 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:42:19 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:42:29 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:42:39 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:42:50 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:43:00 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/24/2008 11:43:10 PM Denied (based on user blacklist) value "WinCtrl32" (new data: "") added in Winlogon Notifiers!
10/27/2008 7:01:00 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/27/2008 7:01:49 PM Denied (based on user decision) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/27/2008 7:20:40 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/27/2008 7:20:41 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/27/2008 11:50:23 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/27/2008 11:50:26 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/28/2008 12:06:00 AM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/28/2008 12:06:02 AM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/28/2008 8:19:12 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/28/2008 8:19:12 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/28/2008 8:19:13 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/28/2008 9:21:07 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/28/2008 9:21:07 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/28/2008 9:21:07 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/28/2008 9:26:49 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/28/2008 9:26:50 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/28/2008 9:26:50 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/28/2008 9:27:18 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/29/2008 7:45:39 PM Denied (based on user blacklist) value "TSClientMSIUninstaller" (new data: "") deleted in System Startup user entry!
10/29/2008 7:45:41 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/29/2008 7:45:41 PM Denied (based on user blacklist) value "Spybot - Search & Destroy" (new data: "") deleted in System Startup global entry!
10/29/2008 7:57:25 PM Denied (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") added in System Startup user entry!
10/29/2008 7:57:29 PM Allowed (based on lassh blacklist) value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
10/29/2008 7:57:34 PM Allowed (based on lassh blacklist) value "H/PC Connection Agent" (new data: ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"") added in System Startup user entry!
10/29/2008 7:57:40 PM Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
10/29/2008 7:57:40 PM Allowed (based on lassh blacklist) value "POINTER" (new data: "point32.exe") added in System Startup global entry!
10/29/2008 7:58:11 PM Denied (based on user decision) value "OneTouch Monitor" (new data: "C:\PROGRA~1\VISION~1\ONETOU~2.EXE") added in System Startup global entry!
10/29/2008 7:58:20 PM Allowed (based on lassh blacklist) value "nForce Tray Options" (new data: "sstray.exe /r") added in System Startup global entry!
10/29/2008 7:58:26 PM Allowed (based on lassh blacklist) value "ATICCC" (new data: ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay") added in System Startup global entry!
10/29/2008 7:58:51 PM Denied (based on user decision) value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") added in System Startup global entry!
10/29/2008 7:59:32 PM Denied (based on user decision) value "ThreatFire" (new data: "C:\Program Files\ThreatFire\TFTray.exe") added in System Startup global entry!
10/29/2008 7:59:33 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/29/2008 7:59:57 PM Denied (based on user decision) value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") added in Browser page!
10/29/2008 8:00:02 PM Denied (based on user decision) value "Search Page" (new data: "http://www.google.com") added in Browser page!
10/29/2008 8:00:06 PM Denied (based on user decision) value "Search Bar" (new data: "http://www.google.com/ie") added in Browser page!
10/29/2008 8:00:14 PM Denied (based on user decision) value "Start Page" (new data: "http://www.msn.com/") added in Browser page!
10/29/2008 8:00:17 PM Denied (based on user decision) value "SearchAssistant" (new data: "http://www.google.com") added in Browser page!
10/29/2008 8:00:21 PM Denied (based on user decision) value "" (new data: "http://home.microsoft.com/access/autosearch.asp?p=%s") added in Browser page!
10/29/2008 8:00:27 PM Denied (based on user decision) value "Local Page" (new data: "%SystemRoot%\system32\blank.htm") added in Browser page!
10/29/2008 8:00:30 PM Denied (based on user decision) value "Search Page" (new data: "http://www.google.com") added in Browser page!
10/29/2008 8:00:34 PM Denied (based on user decision) value "Search Bar" (new data: "http://home.microsoft.com/search/lobby/search.asp") added in Browser page!
10/29/2008 8:00:37 PM Denied (based on user decision) value "Start Page" (new data: "http://www.google.com") added in Browser page!
10/29/2008 8:00:40 PM Denied (based on user decision) value "Default_Page_URL" (new data: "http://www.yahoo.com") added in Browser page!
10/29/2008 8:00:43 PM Denied (based on user decision) value "Default_Search_URL" (new data: "http://www.google.com/ie") added in Browser page!
10/29/2008 8:00:46 PM Denied (based on user decision) value "SearchAssistant" (new data: "http://www.google.com") added in Browser page!
10/29/2008 8:00:50 PM Denied (based on user decision) value "CustomizeSearch" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm") added in Browser page!
10/29/2008 8:00:53 PM Denied (based on user decision) value "" (new data: "http://home.microsoft.com/access/autosearch.asp?p=%s") added in Browser page!
10/29/2008 8:00:58 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in BAT Extension handler!
10/29/2008 8:01:01 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in COM Extension handler!
10/29/2008 8:01:04 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in EXE Extension handler!
10/29/2008 8:01:07 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in PIF Extension handler!
10/29/2008 8:01:10 PM Denied (based on user decision) value "" (new data: ""%1" /S") added in SCR Extension handler!
10/29/2008 8:01:24 PM Denied (based on user decision) value "" (new data: "regedit.exe "%1"") added in REG Extension handler!
10/29/2008 8:01:27 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in CMD Extension handler!
10/29/2008 8:01:30 PM Denied (based on user decision) value "AutoRun" (new data: "") added in Command processor!
10/29/2008 8:01:34 PM Denied (based on user decision) value "load" (new data: "") added in NT startup!
10/29/2008 8:01:40 PM Denied (based on user decision) value "programs" (new data: "com exe bat pif cmd") added in NT startup!
10/29/2008 8:01:52 PM Denied (based on user decision) value "UserInit" (new data: "C:\WINDOWS\system32\userinit.exe,") added in Winlogon!
10/29/2008 8:02:01 PM Denied (based on user decision) value "Shell" (new data: "Explorer.exe") added in Winlogon!
10/29/2008 8:02:05 PM Denied (based on user decision) value "System" (new data: "") added in Winlogon!
10/29/2008 8:02:08 PM Denied (based on user decision) value "DefaultUserName" (new data: "Dennis") added in Winlogon!
10/29/2008 8:02:20 PM Denied (based on user decision) value "PostBootReminder" (new data: "{7849596a-48ea-486e-8937-a2a3009f31a9}") added in Shell services!
10/29/2008 8:02:30 PM Denied (based on user decision) value "CDBurn" (new data: "{fbeb8a05-beee-4442-804e-409d6c4515e9}") added in Shell services!
10/29/2008 8:02:41 PM Denied (based on user decision) value "WebCheck" (new data: "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}") added in Shell services!
10/29/2008 8:02:53 PM Denied (based on user decision) value "SysTray" (new data: "{35CEC8A3-2BE6-11D2-8773-92E220524153}") added in Shell services!
10/29/2008 8:03:04 PM Denied (based on user decision) value "WPDShServiceObj" (new data: "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}") added in Shell services!
10/29/2008 8:03:08 PM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
10/29/2008 8:03:14 PM Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
10/29/2008 8:03:18 PM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
10/29/2008 8:03:21 PM Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
10/29/2008 8:03:23 PM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
10/29/2008 8:03:27 PM Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!
10/29/2008 8:03:33 PM Allowed (based on user whitelist) value "scrnsave.exe" (new data: "C:\WINDOWS\system32\ssstars.scr") added in Desktop settings!
10/29/2008 8:03:44 PM Denied (based on user decision) value "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") added in Internet Explorer searches!
10/29/2008 8:03:45 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
 
Hi,

Ok.. TeaTimer is really going to interfere badly with ComboFix.
ComboFix is doing a lot of repairs to what the malware trashed.
ComboFix deletes known bad registry entries and files and does repairs to the system.
It is really important you allow this to happen but TeaTimer is stopping the repair process!
If some files are deleted and their associated registry entries are not repaired, the system may not boot up properly.

Make sure TeaTimer is disabled till we are done & have reset it so it starts out as if brand new with only good known trusted entries allowed.

How to disable TeaTimer:

http://russelltexas.com/malware/teatimer.htm

Once disabled & you have rebooted please download & run this:

http://downloads.subratam.org/ResetTeaTimer.bat

It will only take a few seconds to complete.
Make sure the above is complete before running ComboFix again please.
If you can't stop it -- let me know before you continue.

Once done disable antimalware programs and run ComboFix again please.
Make sure they are disabled so they don't interfere when CF (combofix) reboots the machine. Not just shut off because full protection is there at boot again & will interfere with CF.

More detailed guide here:
http://www.bleepingcomputer.com/forums/topic114351.html

Follow the same instructions as in my previous post for running ComboFix.

Post the C:\combofix.txt and let me know how the system is running.
Don't turn on TeaTimer yet please! But you can turn on other antimalware.

Thanks :)
 
Sorry for delay.
For some reason I am not getting notified of replies.

What exactly happens when you try?
At which point does login fail please?

Did you run anything else before running combofix? If so -- what?

Did you allow install of the recovery console when you ran Combofix?

Don't try anything else yet please. ComboFix set us up with a couple options for recovery so we should be able to get things back in order.
I just need more info about what you are seeing etc to figure out our next step.

If you did not install recovery console -- do you have your XP CD?

Thanks

Blender
 
Also...
When CF was running... see any error messages?
Did CF reboot the machine and then finish, or was it at this point that login failed so CF did not complete?

Try to tell me as much detail as you can please.

Thanks,

blender
 
Thanks for your time Blender. To answer several of your questions all at once, combofix did not run. I downloaded it, but when I double-clicked on the desktop icon I would get the error message as stated in my previous post.

As to the login problem, the system boots up just fine & I can click on my name, type in my password, then it will flash my wallpaper for just a millisecond, then say "logging out, saving your settings". It does the same thing on any sign in including my wife's login, guest, or even as administrator in safe mode. :oops:

Just about to head off to work, so I'll be back later this evening.

Thanks, Dennis. :red:
 
Hi,

Thanks for the info :)

One of 2 things happened & both are recoverable.
1. Userinit.exe was deleted/replaced by something
2. The registry entry that loads userinit.exe is broken/missing.

Don't let anyone else try anything just yet.
First thing I want you to try is "last known good"
Restart system as if going to safe mode.
Instead of choosing safe mode choose "last known good configuration" then hit enter.

If good will be with us -- system will start.

If it starts -- please make another erunt backup.
Please also post a new set of logs from OTViewIt.

Don't do anything further yet.
And keep TeaTimer off till I get back to you please!

Can you also tell me what version is your Spybot?

If system still displays same symptoms when logging in -- do nothing further. but let me know.

Thanks.
 
I think I see what happened.

When you saw all these changes happening that TeaTimer (TT) was warning you about (when ThreatFire (TF) was running) you denied a lot of these changes. TF was making changes for the good, fixing up stuff..
A lot of these changes that were denied were important to how the system boots and how it runs.
Your file associations all got borked, login got borked plus many other things.
I mean like 30 or more important registry keys/values got deleted.
It looks like TF deletes the bad registry value then rebuilds it when it fixes stuff so when you got the TT warnings... instead of any of them getting fixed all got deleted.

Now... remember that ERUNT backup I made you do before we started working? This is what we are after. Restoring that.
We made that backup before I had you download/run ComboFix or anything so it *should* work.
Yes it will restore some bad stuff but we should be able to finish up repairs after that.


You have your XP CD (the real deal not some restore cd thing from whoever made your computer) or do you have the recovery console (RC) installed?

You can tell if the recovery console is installed if, when you first boot up, you see 2 OS choices.
One being Microsoft Windows XP and the other being Windows Recovery Console.

Let me know please.

Thanks :)
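As an added illustration (not code from this thread, from Spybot or from the helper), the reading of the TeaTimer log given above can be checked mechanically: parse the log records, separate "user blacklist" blocks (the malware's startup entry being re-added and refused) from "user decision" denials of boot-critical values (Winlogon, file-association handlers, Session manager), and flag both. The sample lines are constructed from the log's format, and the set of "critical" locations is my assumption drawn from the explanation above.

```python
"""Triage a Spybot TeaTimer change log of the format posted in this thread."""
import re
from collections import Counter

# Constructed sample, modeled on a handful of lines from the log above.
SAMPLE_LOG = r'''10/28/2008 8:19:12 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
10/29/2008 7:57:40 PM Allowed (based on authenticode whitelist) value "SpybotSD TeaTimer" (new data: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
10/29/2008 8:01:04 PM Denied (based on user decision) value "" (new data: ""%1" %*") added in EXE Extension handler!
10/29/2008 8:01:52 PM Denied (based on user decision) value "UserInit" (new data: "C:\WINDOWS\system32\userinit.exe,") added in Winlogon!
10/29/2008 8:02:01 PM Denied (based on user decision) value "Shell" (new data: "Explorer.exe") added in Winlogon!
10/29/2008 8:03:08 PM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
10/29/2008 8:03:45 PM Denied (based on user blacklist) value "brastk" (new data: "brastk.exe") added in System Startup global entry!
'''

# Every record starts with a date/time. "new data" may span several lines
# (BootExecute is a multi-string value), so continuation lines are folded in.
RECORD_START = re.compile(r'^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M ')
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<action>Allowed|Denied) \(based on (?P<reason>[^)]+)\) '
    r'value "(?P<name>[^"]*)" \(new data: "(?P<data>.*)"\) '
    r'(?P<op>added|deleted) in (?P<where>[^!\n]+)!$',
    re.DOTALL,
)

# Assumed set of boot/runtime-critical locations, taken from the helper's
# explanation: Winlogon (UserInit, Shell), the .exe/.bat/... association
# handlers, Session manager (BootExecute), NT startup, command processor.
CRITICAL_WHERE = {'Winlogon', 'Session manager', 'NT startup',
                  'Command processor', 'Shell services'}


def is_critical(where):
    # Exact match on purpose: "Winlogon Notifiers" (where the malware's
    # WinCtrl32 entry lives) must NOT be treated as a protected location.
    return where in CRITICAL_WHERE or where.endswith('Extension handler')


def parse_teatimer_log(text):
    """Return one dict per log record, continuation lines joined with '\\n'."""
    records, chunks = [], []
    for line in text.splitlines():
        if RECORD_START.match(line):
            chunks.append(line)
        elif chunks:                 # continuation of a multi-line value
            chunks[-1] += '\n' + line
    for chunk in chunks:
        m = LINE_RE.match(chunk)
        if m:                        # skip anything that is not a change record
            records.append(m.groupdict())
    return records


def summarize(records):
    """Split 'good' denials (blacklisted names) from risky user-decision denials."""
    blacklist_hits = Counter()
    critical_denials = []
    for r in records:
        if r['action'] != 'Denied':
            continue
        if r['reason'] == 'user blacklist':
            blacklist_hits[r['name']] += 1
        elif r['reason'] == 'user decision' and is_critical(r['where']):
            critical_denials.append((r['where'], r['name']))
    return {'blacklist_hits': blacklist_hits,
            'critical_denials': critical_denials}


def findings(records):
    """Human-readable triage lines: persistence still active, and self-inflicted damage."""
    s = summarize(records)
    out = []
    for name, n in s['blacklist_hits'].most_common():
        if n > 1:
            out.append(f'{name}: blocked {n} times, so its loader is still '
                       f'on the system and keeps re-adding the startup entry')
    if s['critical_denials']:
        out.append('Denied restores of boot-critical values: ' + ', '.join(
            f'{w}/{n or "(default)"}' for w, n in s['critical_denials']))
    return out


if __name__ == '__main__':
    for line in findings(parse_teatimer_log(SAMPLE_LOG)):
        print(line)
```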
 
Threatfire was fixing stuff, but I denied it 'cause I thought TeaTimer was detecting bad stuff. Makes me feel kinda like Homer Simpson. DOH!:oops:

Anyway, I do have the original Windows XP disk so it should have a recovery mode on it? Thanks again for your patience.
 
OK. Good on the XP disk. Yes it does have RC on it. We're going to boot with it.
I'll be back in a few with further instructions. :)
 
Sorry.. uptown business took longer than expected.

Ok...

One thing to understand here is the recovery console is all commands. Kinda like "DOS". No pretty pics here & no mouse.

Insert XP CD & reboot the machine.
If you get onscreen message to "press any key to boot with cd..." just hit enter.
If it tries to boot right through to XP on system you will need to go into your BIOS and set it up to boot with CD first.
Usually there is onscreen message displayed how to enter "setup" or "boot order" (often f10, f2, del, f12)
Once in "setup/BIOS or boot order screen" there should be onscreen instructions how to move around in bios.
No mouse here .. you usually only have access to the arrow keys, a few F keys, the enter key and the tab key.

You are looking for "boot order"
You want to change it to boot with CD first, hard drive next & if you have a floppy, that's last.
Make no other changes.
Save changes & reboot again.
Hit "enter" when you see the "boot with cd" message.
You will see windows loading drivers and such on blue screen..
Then you get a screen with several choices.

Install XP
Repair XP
Exit

You want "repair". Type R & hit enter.

You should next get a black screen asking what OS to log into.
Normally only 1 listed.
1 Windows
Type 1 & hit enter.
You are next asked for admin password.
If no password on administrator account just hit enter. Otherwise type in the admin password & hit enter.
Next you see this prompt:

c:\Windows>

Now -- make sure you type in these commands exactly as you see em or there will be errors.
Note where I have spaces and so on. (commands to type are in bold)(hit enter after each line)

Type cd erdnt
dir


Now you should see at least 2 directories listed.
We want the one where I had you create the backup.
I am not sure if you did it the 28th or the 29th. (I am assuming the 29th for illustration purposes. If it was the 28th then change accordingly)

autobackup <-- created automatically if you have this option set when you installed erunt.
10-29-08 <-- Our puter saver

type cd 10-29-08
ERDNT.con

You will see several "1 files copied" messages
Once done type exit and hit enter.
System reboots.
Don't hit any keys at the "boot with cd..."
XP Should start.

This will get us back before CF tried to run & before ThreatFire did anything.

Once you get in... please make sure to disable TeaTimer before doing anything else.

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts. You MUST allow the change.
6. Restart your computer.

Make sure TeaTimer is not running.

Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer (and to prevent TeaTimer from restoring them upon reactivation).

Assuming this went as expected....

Create a new ERUNT backup & please post a new set of logs from OTViewIt.
Let me know at this point how things are.
Verify for me size of C:\ERDNT\11-01-08 <-- this folder (assuming you did it today)

If you had any problems above or still cannot boot -- post in detail what the problems are and what you see when you try to boot.

Thanks :)
 