Got rid of Braviax, now have Brastk.exe

Part 3:

[2008/11/04 20:33:33 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/11/04 20:33:33 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/11/04 20:33:33 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2008/11/04 20:33:33 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/11/04 20:33:33 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2008/11/04 20:33:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2008/11/04 20:33:33 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/11/04 20:33:32 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/11/04 20:33:32 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/11/04 20:33:32 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2008/11/04 20:33:32 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2008/11/04 20:33:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/11/04 20:33:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2008/11/04 20:33:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2008/11/04 20:33:31 | 00,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/11/04 20:33:31 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/11/04 20:33:31 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2008/11/04 20:33:31 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2008/11/04 20:33:31 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2008/11/04 20:33:30 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/11/04 20:33:30 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2008/11/04 20:33:30 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/11/04 20:33:30 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/11/04 20:33:30 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2008/11/04 20:33:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2008/11/04 20:33:29 | 00,995,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2008/11/04 20:33:29 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/11/04 20:33:29 | 00,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/11/04 20:33:29 | 00,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2008/11/04 20:33:29 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/11/04 20:33:29 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2008/11/04 20:33:28 | 01,174,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/11/04 20:33:28 | 00,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/11/04 20:33:28 | 00,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/11/04 20:33:28 | 00,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2008/11/04 20:33:28 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2008/11/04 20:33:27 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/11/04 20:33:27 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2008/11/04 20:33:27 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/11/04 20:33:27 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2008/11/04 20:33:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2008/11/04 20:33:27 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/11/04 20:33:27 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2008/11/04 20:33:23 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/11/04 20:33:23 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/11/04 20:33:23 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2008/11/04 20:33:22 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/11/04 20:33:22 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/11/04 20:33:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2008/11/04 20:33:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2008/11/04 20:33:22 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2008/11/04 20:33:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2008/11/04 20:33:21 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/11/04 20:33:21 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/11/04 20:33:21 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2008/11/04 20:33:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2008/11/04 20:33:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2008/11/04 20:33:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2008/11/04 20:33:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2008/11/04 20:33:20 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/11/04 20:33:20 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/11/04 20:33:20 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/11/04 20:33:20 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2008/11/04 20:33:20 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2008/11/04 20:33:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2008/11/04 20:33:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2008/11/04 20:33:20 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2008/11/04 20:33:19 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/11/04 20:33:19 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/11/04 20:33:19 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/11/04 20:33:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2008/11/04 20:33:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2008/11/04 20:33:19 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2008/11/04 20:33:18 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/11/04 20:33:18 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/11/04 20:33:18 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/11/04 20:33:18 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/11/04 20:33:18 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2008/11/04 20:33:18 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2008/11/04 20:31:48 | 00,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/11/04 20:31:48 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2008/11/04 20:31:48 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/11/04 20:31:48 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2008/11/04 20:31:48 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/11/04 20:31:47 | 00,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/11/04 20:31:47 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/11/04 20:31:47 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2008/11/04 20:31:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/11/04 20:31:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2008/11/04 20:31:47 | 00,020,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/11/04 20:31:47 | 00,020,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2008/11/04 20:31:47 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/11/04 20:31:47 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2008/11/04 20:31:47 | 00,011,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/11/04 20:31:47 | 00,011,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2008/11/04 20:31:46 | 00,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/11/04 20:31:46 | 00,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/11/04 20:31:46 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/11/04 20:31:46 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/11/04 20:31:46 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/11/04 20:31:46 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2008/11/04 20:31:45 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/11/04 20:31:45 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2008/11/04 20:31:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/11/04 20:31:45 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2008/11/04 20:31:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/11/04 20:31:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2008/11/04 20:31:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/11/04 20:31:44 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2008/11/04 20:31:44 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/11/04 20:31:44 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/11/04 20:31:44 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/11/04 20:31:44 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2008/11/04 20:31:44 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/11/04 20:31:44 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/11/04 20:31:44 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/11/04 20:31:44 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/11/04 20:31:44 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/11/04 20:31:44 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/11/04 20:31:44 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/11/04 20:31:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/11/04 20:31:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/11/04 20:31:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/11/04 20:31:44 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/11/04 20:31:44 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/11/04 20:31:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/11/04 20:31:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/11/04 20:31:43 | 00,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/11/04 20:31:43 | 00,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/11/04 20:31:43 | 00,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2008/11/04 20:31:43 | 00,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/11/04 20:31:43 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2008/11/04 20:31:43 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/11/04 20:31:43 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/11/04 20:31:43 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/11/04 20:31:43 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2008/11/04 20:31:43 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/11/04 20:31:42 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/11/04 20:31:42 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2008/11/04 20:31:42 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2008/11/04 20:31:42 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2008/11/04 20:31:41 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/11/04 20:31:41 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/11/04 20:31:41 | 00,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/11/04 20:31:41 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2008/11/04 20:31:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2008/11/04 20:31:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2008/11/04 20:31:40 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/11/04 20:31:40 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/11/04 20:31:40 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/11/04 20:31:40 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2008/11/04 20:31:40 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/11/04 20:31:39 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/11/04 20:31:39 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2008/11/04 20:31:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/11/04 20:31:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2008/11/04 20:31:39 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2008/11/04 20:31:39 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/11/04 20:31:39 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2008/11/04 20:31:38 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/11/04 20:31:38 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/11/04 20:31:37 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/11/04 20:31:37 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/11/04 20:31:37 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/11/04 20:31:36 | 00,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/11/04 20:31:36 | 00,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2008/11/04 20:31:36 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/11/04 20:31:36 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2008/11/04 20:31:36 | 00,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/11/04 20:31:36 | 00,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/11/04 20:31:36 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2008/11/04 20:31:36 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/11/04 20:31:35 | 00,598,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/11/04 20:31:35 | 00,598,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2008/11/04 20:31:35 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/11/04 20:31:35 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2008/11/04 20:31:35 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/11/04 20:31:35 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/11/04 20:31:35 | 00,115,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/11/04 20:31:35 | 00,115,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2008/11/04 20:31:35 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/11/04 20:31:35 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2008/11/04 20:31:35 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/11/04 20:31:35 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2008/11/04 20:31:34 | 00,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/11/04 20:31:34 | 00,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2008/11/04 20:31:34 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/11/04 20:31:34 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/11/04 20:31:34 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/11/04 20:31:34 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2008/11/04 20:31:34 | 00,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/11/04 20:31:34 | 00,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2008/11/04 20:31:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/11/04 20:31:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2008/11/04 20:31:34 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/11/04 20:31:34 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2008/11/04 20:31:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2008/11/04 20:31:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2008/11/04 20:31:34 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/11/04 20:31:34 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2008/11/04 20:31:34 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/11/04 20:31:34 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2008/11/04 20:31:34 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/11/04 20:31:34 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2008/11/04 20:31:33 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2008/11/04 20:31:33 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/11/04 20:31:33 | 00,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/11/04 20:31:33 | 00,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/11/04 20:31:33 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/11/04 20:31:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2008/11/04 20:31:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/11/04 20:31:32 | 01,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2008/11/04 20:31:32 | 01,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/11/04 20:31:32 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2008/11/04 20:31:32 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2008/11/04 20:31:32 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2008/11/04 20:31:32 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2008/11/04 20:31:31 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2008/11/04 20:31:31 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/11/04 20:31:31 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/11/04 20:31:31 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2008/11/04 20:31:31 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/11/04 20:31:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2008/11/04 20:31:30 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2008/11/04 20:31:30 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2008/11/04 20:31:30 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2008/11/04 20:31:30 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2008/11/04 20:31:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2008/11/04 20:31:29 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2008/11/04 20:31:29 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2008/11/04 20:31:29 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2008/11/04 20:31:29 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/11/04 20:31:28 | 01,267,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2008/11/04 20:31:28 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2008/11/04 20:31:28 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2008/11/04 20:31:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/11/04 20:31:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2008/11/04 20:31:24 | 00,182,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/11/04 20:26:12 | 00,050,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2008/11/04 20:26:08 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/11/04 20:11:04 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/11/04 20:11:04 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/11/04 20:11:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/11/04 20:11:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/11/04 12:36:56 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/11/04 12:32:53 | 00,038,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/11/04 12:31:10 | 00,696,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2008/11/04 12:31:10 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2008/11/04 12:31:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/11/04 12:31:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/11/04 12:31:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/11/04 12:31:08 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/11/04 12:31:08 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/11/04 12:31:08 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/11/04 12:31:04 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2008/11/04 12:31:04 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/11/04 12:31:04 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2008/11/04 12:31:02 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/11/04 12:30:42 | 00,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2008/11/04 12:30:42 | 00,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2008/11/04 12:30:42 | 00,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2008/11/04 12:30:42 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/11/04 12:30:42 | 00,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/11/04 12:30:42 | 00,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2008/11/04 12:30:42 | 00,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/11/04 12:30:42 | 00,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/11/04 12:30:42 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/11/04 12:30:42 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/11/04 12:30:42 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/11/04 12:30:41 | 02,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/11/04 12:30:41 | 01,086,182 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/11/04 12:30:41 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/11/04 12:30:41 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/11/04 12:30:40 | 00,342,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/11/02 18:04:32 | 00,245,902 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\daft.com
[2008/10/29 19:22:09 | 03,022,150 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\ComboFix.exe
[2008/10/29 19:10:17 | 00,020,992 | -HS- | C] () -- C:\WINDOWS\System32\accwizh.dll
[2008/10/28 19:46:50 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe
[2008/10/28 19:43:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/28 19:41:53 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\ERUNT.lnk
[2008/10/28 19:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/28 19:38:33 | 00,149,837 | ---- | C] () -- C:\Documents and Settings\Dennis\My Documents\ERUNT Use.pdf
[2008/10/28 19:33:02 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dennis\Desktop\erunt-setup.exe
[2008/10/28 17:31:29 | 00,009,728 | ---- | C] () -- C:\WINDOWS\brastk.exe
[2008/10/28 17:29:57 | 00,000,132 | ---- | C] () -- C:\WINDOWS\System32\delself.bat
[2008/10/27 20:17:27 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Dennis\Desktop\HijackThis.lnk
[2008/10/27 20:16:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dennis\Desktop\HJTInstall.exe
[2008/10/27 19:10:44 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2008/10/24 21:36:52 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\brastk.exe
[2008/10/24 21:34:21 | 00,000,000 | ---D | C] -- C:\New Folder
[2008/10/24 21:28:02 | 00,000,000 | ---D | C] -- C:\backups
[2008/10/18 16:57:16 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2008/10/18 16:57:10 | 00,051,520 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2008/10/18 16:57:10 | 00,038,208 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2008/10/18 16:57:10 | 00,033,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2008/10/18 16:57:10 | 00,012,608 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2008/10/18 16:57:10 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2008/10/18 16:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2008/11/08 10:05:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{41111FB6-E87B-4712-9635-90034B0CC9F3}.job
[2008/11/08 09:50:44 | 00,000,140 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2008/11/08 09:48:34 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/08 09:48:19 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/08 09:47:51 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/11/08 09:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/08 09:37:37 | 00,015,360 | ---- | M] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2008/11/08 09:37:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/08 08:36:39 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/11/08 08:36:39 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/11/08 08:36:39 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/11/08 08:36:39 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000002-80651102}.rfx
[2008/11/08 08:36:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/11/08 08:36:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/11/08 08:36:39 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80651102}.dat
[2008/11/08 08:36:39 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000002-80651102}.dat
[2008/11/07 17:09:20 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/06 15:04:22 | 00,001,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2008/11/06 14:30:01 | 00,000,102 | ---- | M] () -- C:\WINDOWS\VSWizard.ini
[2008/11/05 19:53:24 | 00,065,288 | ---- | M] () -- C:\Documents and Settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/04 23:01:14 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\Shortcut to OTViewIt.lnk
[2008/11/04 21:12:55 | 00,440,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/04 21:12:55 | 00,078,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/04 20:51:08 | 00,527,410 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/04 20:47:56 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/04 20:42:18 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/11/04 20:36:52 | 00,001,111 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/04 20:36:23 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/04 20:36:11 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/11/04 20:36:09 | 00,004,858 | ---- | M] () -- C:\WINDOWS\iexplore.ini
[2008/11/04 20:36:05 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2008/11/04 20:36:04 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/11/04 20:36:04 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/11/04 20:36:02 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2008/11/04 20:35:45 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/04 20:32:57 | 00,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/04 20:30:41 | 00,000,203 | -HS- | M] () -- C:\boot.ini
[2008/11/04 20:10:51 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/11/04 20:10:51 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/11/04 12:37:07 | 00,198,605 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/11/04 12:31:24 | 00,001,344 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/02 18:30:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13i.sys
[2008/11/02 18:30:28 | 00,031,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\Windi26.sys
[2008/11/02 18:29:30 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\brastk.exe
[2008/11/02 18:29:30 | 00,009,728 | ---- | M] () -- C:\WINDOWS\brastk.exe
[2008/11/02 18:27:34 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\delself.bat
[2008/11/02 18:25:59 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\karna.dat
[2008/11/02 18:25:59 | 00,006,144 | ---- | M] () -- C:\WINDOWS\karna.dat
[2008/11/02 18:04:33 | 00,245,902 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\daft.com
[2008/11/02 11:13:43 | 00,000,328 | --S- | M] () -- C:\WINDOWS\System32\2455993257.dat
[2008/10/29 19:22:23 | 03,022,150 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\ComboFix.exe
[2008/10/29 19:10:17 | 00,020,992 | -HS- | M] () -- C:\WINDOWS\System32\accwizh.dll
[2008/10/29 18:55:37 | 12,020,9408 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/10/28 20:17:40 | 54,129,930 | -HS- | M] () -- C:\WINDOWS\System32\Adobeh.sys
[2008/10/28 19:46:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe
[2008/10/28 19:41:53 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\ERUNT.lnk
[2008/10/28 19:38:33 | 00,149,837 | ---- | M] () -- C:\Documents and Settings\Dennis\My Documents\ERUNT Use.pdf
[2008/10/28 19:33:06 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dennis\Desktop\erunt-setup.exe
[2008/10/27 22:20:03 | 03,384,453 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80651102}.CDF
[2008/10/27 22:19:46 | 03,384,327 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80651102}.BAK
[2008/10/27 20:17:27 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Dennis\Desktop\HijackThis.lnk
[2008/10/27 20:16:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dennis\Desktop\HJTInstall.exe
[2008/10/27 20:12:20 | 00,000,563 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 16:13:19 | 00,000,025 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/10/19 12:37:41 | 00,000,225 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/18 16:57:16 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
< End of report >
 
And finally the Extras log:
OTViewIt Extras logfile created on: 11/8/2008 10:05:58 AM - Run 2
OTViewIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Dennis\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 697.14 Mb Available Physical Memory | 68.11% Memory free
2.41 Gb Paging File | 2.14 Gb Available in Paging File | 89.11% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 56.14 Gb Free Space | 73.55% Space Free | Partition Type: NTFS
Drive D: | 40.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DENNIS-JIF0Z43K
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2002/08/29 04:00:00 | 00,129,024 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2002/08/29 04:00:00 | 00,129,024 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\NovaLogic\Joint Operations Demo\jodemo.exe:*:Enabled:jodemo
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHD.EXE:*:Enabled:DFBHD
[2002/08/29 04:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\DFPinger\DFBHDPinger\DFBHDPinger.exe:*:Enabled:DFBHDPinger
File not found -- C:\Program Files\LimeWire\LimeWire 4.2.3\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\update.exe:*:Enabled:update
File not found -- D:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Enabled:prism3d
[2002/08/29 04:00:00 | 00,774,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\Program Files\NovaLogic\Delta Force Black Hawk Down\Black Operations Mod.exe:*:Enabled:Black Operations Mod
File not found -- C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe:*:Enabled:Jointops
File not found -- C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE:*:Enabled:UPDATE
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
[2004/02/03 13:42:04 | 00,962,642 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application
[2004/02/03 13:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/08/16 10:23:52 | 00,850,944 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Dennis\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient
[2007/09/27 13:18:36 | 01,400,832 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Dennis\Local Settings\Application Data\Abacast\Abaclient2.exe:*:Disabled:Abaclient
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
ipp: [HKLM - No CLSID value]
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2004/02/03 13:43:36 | 00,077,903 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\AATP.DLL (mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} (HKLM) [mctp: Asynchronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2002/08/29 04:00:00 | 00,842,268 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Disc 2
"{03CDDD00-BD57-4326-9480-4C74449AF597}"=PhotoStitch
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}"=Camera Window
"{0C8EE4CE-981E-4E7C-A2B5-2EA68A645589}"=D4100_Help
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}"=Quicken 2007
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}"=Microsoft IntelliPoint 4.1
"{20B8FD81-A71D-42ea-B887-07A616069E63}"=D4100
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}"=hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{49140327-BEBF-43dd-B386-43311A065609}"=hph_ProductContext
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{4F6DED87-B0E2-462F-A4FE-7DAE4A2CB774}"=Joint Operations: Typhoon Rising - Demo
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5CE42363-EC4B-4D0D-A27B-9B48F253E556}"=LimeWire
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{702F1CE2-2751-4E8A-AB2D-53262AE0EF05}"=ATI Catalyst Control Center
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142100}"=Java 2 Runtime Environment, SE v1.4.2_10
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{81935798-5D0C-4892-832E-630E6CC07EAF}"=Morrowind
"{8245C111-D83F-4C66-BBC6-2424F6116944}"=TES Construction Set
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}"=Microsoft Visual C Runtime
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}"=Rhapsody Player Engine
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}"=Sound Blaster Live!
"{911A0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Outlook 2002
"{9D404F8F-05A1-4734-9550-6EC2FEE916B8}"=HP Photosmart and Deskjet 7.0 Software
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}"=ArcSoft Camera Suite
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}"=Palm
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}"=ViewSonic Monitor Drivers
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}"=HPSSupply
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}"=hph_software_req
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}"=RemoteCapture 2.7.0
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}"=Canon Utilities ZoomBrowser EX
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD-Maker
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}"=hph_software
"{DB093244-7D79-4384-0081-633D3B2C1244}"=LOTR The Return of the King (tm) Demo
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}"=Documents To Go
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}"=File Viewer Utility 1.2
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F445476A-42DE-11D4-80D0-00C04F2750A6}"=Epocrates Essentials
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1"=ThreatFire 3.5
"Adobe Acrobat 4.0"=Adobe Acrobat 4.0
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 5.0 Limited Edition"=Adobe Photoshop 5.0 Limited Edition
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ASUS Probe V2.19.07"=ASUS Probe V2.19.07
"ATI Display Driver"=ATI Display Driver
"Charter"=Charter Pipeline Professor
"Creative PlayCenter 2.0"=Creative PlayCenter
"DIG Game Manager"=DIG Game Manager
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"ERUNT_is1"=ERUNT 1.1j
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}"=Canon Camera Window for ZoomBrowser EX
"InstallShield_{5CE42363-EC4B-4D0D-A27B-9B48F253E556}"=LimeWire
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}"=Canon Utilities RemoteCapture 2.7
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD-Maker 6 Platinum
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}"=Canon Utilities File Viewer Utility 1.2
"JRE 1.3.1_04"=Java 2 Runtime Environment Standard Edition v1.3.1_04
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft Internet Gaming Zone"=MSN Gaming Zone
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"MSN Toolbar"=MSN Toolbar
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"NVIDIAnForce"=NVIDIA Windows 2000/XP nForce Drivers
"OneTouch Version 3.0"=OneTouch Version 3.0
"PaperPort 7.02"=PaperPort 7.02
"PhotoRecord"=Canon PhotoRecord
"QuickTime"=QuickTime
"Shockwave"=Shockwave
"Shop for HP Supplies"=Shop for HP Supplies
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.3
"SSUtils"=NVIDIA nForce Utilities
"Support.com"=Support.com Software
"Windows CE Services"=Microsoft ActiveSync 3.7
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client"=Abacast Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2008 7:21:25 PM | Computer Name = DENNIS-JIF0Z43K | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/6/2008 7:39:46 PM | Computer Name = DENNIS-JIF0Z43K | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/6/2008 7:39:46 PM | Computer Name = DENNIS-JIF0Z43K | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/7/2008 8:33:57 PM | Computer Name = DENNIS-JIF0Z43K | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/7/2008 8:33:57 PM | Computer Name = DENNIS-JIF0Z43K | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/8/2008 12:19:15 PM | Computer Name = DENNIS-JIF0Z43K | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/8/2008 12:19:15 PM | Computer Name = DENNIS-JIF0Z43K | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/8/2008 12:34:49 PM | Computer Name = DENNIS-JIF0Z43K | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 11/8/2008 1:27:46 PM | Computer Name = DENNIS-JIF0Z43K | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/8/2008 1:27:47 PM | Computer Name = DENNIS-JIF0Z43K | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 11/8/2008 1:28:49 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%31

Error - 11/8/2008 1:28:49 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/8/2008 1:28:49 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips FltMgr IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 11/8/2008 1:36:25 PM | Computer Name = DENNIS-JIF0Z43K | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/8/2008 1:39:09 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7022
Description = The DCOM Server Process Launcher service hung on starting.

Error - 11/8/2008 1:39:09 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1083

Error - 11/8/2008 1:39:19 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FltMgr

Error - 11/8/2008 1:39:22 PM | Computer Name = DENNIS-JIF0Z43K | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {184F51D8-B677-4C90-BB26-B5742A2D291D}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 11/8/2008 1:40:01 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%127

Error - 11/8/2008 1:40:01 PM | Computer Name = DENNIS-JIF0Z43K | Source = Service Control Manager | ID = 7001
Description = The SSDP Discovery Service service depends on the HTTP service which
failed to start because of the following error: %%127


< End of report >
 
Can't seem to get to the TeaTimer files, but did do an ERUNT backup before I connected to the web to post the above logs.

One step at a time.....................:D:
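Logs like the OTViewIt output above are usually read by eye, but the line shapes are regular enough to triage with a script. The following is an added example for this thread, not code from OTViewIt, ComboFix or the helpers here. It parses the `[timestamp | size | attrs | C/M] (Company) -- path` file entries and the `"Name"=value` registry lines, then flags the things a reviewer looks for first: code files in the Windows directory with no publisher recorded, hidden+system attributes on such files, the same file name dropped in both `C:\WINDOWS` and `System32`, and Security Center or firewall values that silence alerts. The sample log is constructed from entries copied out of the report above; the rule names, the extension list and the `triage` function are my own choices, and a flag is a lead for a human, not a verdict.

```python
"""Triage helper for OTViewIt-style file lists and registry values.

Added example for this thread (not OTViewIt or ComboFix code).  Assumes the
line shapes seen in the report above; flags are leads, not verdicts.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# One file entry: [timestamp | size | attrs | C or M] (Company) -- path
# Directory entries carry no "(Company)" field, hence the optional group.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Registry value lines such as "AntiVirusDisableNotify"=1
REG_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>-?\d+)$')

# Binary/script extensions worth a second look when no publisher is recorded.
CODE_EXT = (".exe", ".dll", ".sys", ".bat", ".drv", ".ocx", ".scr")

# Registry values that weaken or silence the XP security stack (my selection).
WEAK_SETTINGS = {
    ("AntiVirusDisableNotify", "1"): "antivirus alerts suppressed in Security Center",
    ("FirewallDisableNotify", "1"): "firewall alerts suppressed in Security Center",
    ("UpdatesDisableNotify", "1"): "Windows Update alerts suppressed in Security Center",
    ("EnableFirewall", "0"): "Windows Firewall disabled for this profile",
}


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str          # C = created, M = modified
    company: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file/directory line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def _in_system_dir(path: str) -> bool:
    # dllcache is the OS's own copy store, so it is left out of the heuristics.
    low = path.lower()
    return low.startswith("c:\\windows\\") and "\\dllcache\\" not in low


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return sorted (subject, reason) findings for a list of log lines."""
    findings: Set[Tuple[str, str]] = set()
    by_name: Dict[str, Set[str]] = defaultdict(set)

    for line in lines:
        e = parse_entry(line)
        if e is None:
            r = REG_RE.match(line.strip())
            if r and (r["name"], r["value"]) in WEAK_SETTINGS:
                findings.add((r["name"], WEAK_SETTINGS[(r["name"], r["value"])]))
            continue
        if e.attrs.endswith("D"):          # directories: nothing to flag here
            continue
        parent, _, name = e.path.rpartition("\\")
        parent, name = parent.lower(), name.lower()
        if _in_system_dir(e.path) and name.endswith(CODE_EXT):
            by_name[name].add(parent)
            if not e.company:
                findings.add((e.path, "no publisher recorded for code file in Windows dir"))
            if "H" in e.attrs and "S" in e.attrs:
                findings.add((e.path, "hidden+system attributes on code file"))

    # Same file name dropped in both C:\WINDOWS and C:\WINDOWS\System32
    for name, parents in by_name.items():
        if {"c:\\windows", "c:\\windows\\system32"} <= parents:
            findings.add((name, "same file name in both WINDOWS and System32"))
    return sorted(findings)


# Constructed sample: entries copied from the OTViewIt report above plus the
# Security Center / firewall values it listed.
SAMPLE_LOG = r"""
[2008/10/28 19:46:50 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dennis\Desktop\OTViewIt.exe
[2008/10/28 19:43:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/28 17:31:29 | 00,009,728 | ---- | C] () -- C:\WINDOWS\brastk.exe
[2008/10/28 17:29:57 | 00,000,132 | ---- | C] () -- C:\WINDOWS\System32\delself.bat
[2008/10/24 21:36:52 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\brastk.exe
[2008/10/29 19:10:17 | 00,020,992 | -HS- | C] () -- C:\WINDOWS\System32\accwizh.dll
[2008/11/02 18:30:28 | 00,031,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\Windi26.sys
[2008/10/18 16:57:10 | 00,051,520 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2008/11/04 20:33:33 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
"AntiVirusDisableNotify"=1
"FirewallOverride"=0
"EnableFirewall"=0
"""


def run_sample() -> List[Tuple[str, str]]:
    """Triage the constructed sample log."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for subject, reason in run_sample():
        print(f"{subject}: {reason}")
```

On the sample, the script surfaces the pair of `brastk.exe` copies, `delself.bat`, `accwizh.dll` (no publisher and hidden+system) and `Windi26.sys`, together with the suppressed antivirus alerts and the disabled firewall profile, while leaving the PC Tools driver and the dllcache entry alone. Anything it flags still needs checking against a known-good reference or a scanner before it is removed.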
 
Hi :)

Good to see something is working out for you.

Ok.. looks like you did a repair install of Windows.
So basic Windows is there at least after the ThreatFire/TeaTimer fight.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[image: RcAuto1.gif]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

It will likely take a few posts because your CF log will be long.

Thanks :)
 
Combofix logs: :bigthumb:

ComboFix 08-11-07.01 - Dennis 2008-11-09 9:47:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.663 [GMT -8:00]
Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\ThreatFire\TFWAH.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
c:\program files\UPDATE.PIF
c:\windows\brastk.exe
c:\windows\karina.dat
c:\windows\karna.dat
c:\windows\system32\~.exe
c:\windows\system32\7.tmp
c:\windows\system32\brastk.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\109.exe
c:\windows\system32\drivers\125.exe
c:\windows\system32\drivers\156.exe
c:\windows\system32\drivers\171.exe
c:\windows\system32\drivers\187.exe
c:\windows\system32\drivers\203.exe
c:\windows\system32\drivers\31.exe
c:\windows\system32\drivers\312.exe
c:\windows\system32\drivers\343.exe
c:\windows\system32\drivers\437.exe
c:\windows\system32\drivers\453.exe
c:\windows\system32\drivers\531.exe
c:\windows\system32\drivers\546.exe
c:\windows\system32\drivers\578.exe
c:\windows\system32\drivers\640.exe
c:\windows\system32\drivers\687.exe
c:\windows\system32\drivers\703.exe
c:\windows\system32\drivers\718.exe
c:\windows\system32\drivers\734.exe
c:\windows\system32\drivers\765.exe
c:\windows\system32\drivers\796.exe
c:\windows\system32\drivers\843.exe
c:\windows\system32\drivers\890.exe
c:\windows\system32\drivers\906.exe
c:\windows\system32\drivers\921.exe
c:\windows\system32\drivers\937.exe
c:\windows\system32\drivers\953.exe
c:\windows\system32\drivers\984.exe
c:\windows\system32\drivers\Windi26.sys
c:\windows\system32\karna.dat
c:\windows\system32\mdm.exe
c:\windows\system32\TCfNnnmp.ini2
c:\windows\system32\WinCtrl32.dl_
c:\windows\system32\WinCtrl32.dll
c:\windows\system32\wini10541.exe
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80 . . . . failed to delete
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67 . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDI26
-------\Service_Windi26


((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-08 17:57 . 2008-11-08 17:57 801,610 --a------ C:\QDATA02.IDX
2008-11-08 16:12 . 2008-11-08 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 13:39 . 2002-12-04 20:01 820,864 -ra------ c:\windows\system32\drivers\nvmcp.sys
2008-11-08 13:39 . 2002-12-04 20:01 241,664 -ra------ c:\windows\system32\drivers\nvapu.sys
2008-11-08 13:39 . 2002-12-04 20:01 62,336 -ra------ c:\windows\system32\drivers\nvarm.sys
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\OpenAL32.dll
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\nvopenal.dll
2008-11-08 13:39 . 2002-12-04 20:01 30,720 -ra------ c:\windows\system32\nvasio.dll
2008-11-08 13:39 . 2002-12-04 20:01 13,056 -ra------ c:\windows\system32\drivers\nvax.sys
2008-11-08 13:39 . 2002-12-04 20:01 5,120 -ra------ c:\windows\system32\ALut.dll
2008-11-08 13:39 . 2002-12-04 20:01 4,096 -ra------ c:\windows\system32\nvack.dll
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-08 13:37 . 2001-08-17 22:37 22,016 --a------ c:\windows\system32\wdmaud.drv
2008-11-08 13:02 . 2002-10-03 23:23 80,896 -ra------ c:\windows\system32\drivers\NVENET.sys
2008-11-08 13:02 . 2002-10-03 23:23 1,024 -ra------ c:\windows\system32\drivers\jedih2rx.bin
2008-11-08 13:02 . 2002-10-03 23:23 122 -ra------ c:\windows\system32\drivers\ramsed.bin
2008-11-08 13:02 . 2002-10-03 23:23 42 -ra------ c:\windows\system32\drivers\jedireg.pat
2008-11-08 12:55 . 2008-11-08 12:55 3,813 --a------ c:\windows\Ascd_tmp.ini
2008-11-08 12:23 . 2008-11-08 13:04 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-08 09:59 . 2008-11-08 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-08 09:35 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2008-11-08 09:35 . 2008-11-09 09:55 88,566 --a------ c:\windows\system32\nvapps.xml
2008-11-08 09:35 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
2008-11-08 09:33 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Leadertech
2008-11-04 20:56 . 2008-11-04 21:12 3,484 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-11-04 20:38 . 2002-08-29 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 20:37 . 2001-08-17 22:36 2,134,528 --a--c--- c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2008-11-04 20:36 . 2008-11-04 20:36 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-04 20:36 . 2008-11-04 20:36 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-04 20:34 . 2002-08-29 04:00 106,562 --a--c--- c:\windows\system32\dllcache\srchctls.dll
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 20:31 . 2002-08-29 04:00 1,267,712 --a--c--- c:\windows\system32\dllcache\cimwin32.dll
2008-11-04 20:26 . 2001-08-17 13:59 50,048 --a------ c:\windows\system32\drivers\DMusic.sys
2008-11-04 20:26 . 2002-08-29 01:32 5,888 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-04 20:10 . 2002-08-29 04:00 1,086,182 -ra------ c:\windows\SET60.tmp
2008-11-04 20:10 . 2002-08-29 04:00 13,608 -ra------ c:\windows\SET75.tmp
2008-11-04 12:36 . 2002-08-29 01:27 56,576 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-04 12:32 . 2002-08-29 03:46 38,024 --a------ c:\windows\system32\drivers\termdd.sys
2008-11-04 12:31 . 2002-08-29 04:00 696,320 --a--c--- c:\windows\system32\dllcache\sapi.dll
2008-11-04 12:31 . 2002-08-29 04:00 147,456 --a--c--- c:\windows\system32\dllcache\sapi.cpl
2008-11-04 12:31 . 2002-08-29 04:00 132,096 --a------ c:\windows\system\WINSPOOL.DRV
2008-11-04 12:31 . 2002-08-29 03:41 71,168 --a------ c:\windows\system32\storprop.dll
2008-11-04 12:31 . 2002-08-29 04:00 22,016 --a--c--- c:\windows\system32\dllcache\agt0408.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,968 --a--c--- c:\windows\system32\dllcache\agt040e.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt041f.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0419.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0415.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0405.dll
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a------ c:\windows\system32\drivers\irenum.sys
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a--c--- c:\windows\system32\dllcache\irenum.sys
2008-10-29 19:10 . 2008-10-29 19:10 20,992 --ahs---- c:\windows\system32\accwizh.dll
2008-10-28 19:41 . 2008-10-28 19:41 <DIR> d-------- c:\program files\ERUNT
2008-10-24 21:34 . 2008-10-24 21:34 <DIR> d-------- C:\New Folder
2008-10-24 21:28 . 2008-10-24 21:28 <DIR> d-------- C:\backups
2008-10-20 17:17 . 2008-10-20 17:17 <DIR> d-------- c:\documents and settings\Guest\Application Data\MX
2008-10-18 16:57 . 2008-11-09 09:51 <DIR> d-------- c:\program files\ThreatFire
2008-10-18 16:57 . 2008-10-18 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-18 16:57 . 2008-10-24 13:07 51,488 --a------ c:\windows\system32\drivers\TfFsMon.sys
2008-10-18 16:57 . 2008-10-24 13:07 39,200 --a------ c:\windows\system32\drivers\TfSysMon.sys
2008-10-18 16:57 . 2008-10-24 13:07 33,056 --a------ c:\windows\system32\drivers\TfNetMon.sys
2008-10-18 16:57 . 2008-10-24 13:07 12,576 --a------ c:\windows\system32\drivers\TfKbMon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 18:49 --------- d-----w c:\documents and settings\Dennis\Application Data\MSN6
2008-11-06 23:04 --------- d-----w c:\program files\MSN Messenger
2008-11-03 02:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-25 03:59 --------- d-----w c:\program files\Trend Micro
2008-10-19 17:37 --------- d-----w c:\program files\EA GAMES
2008-10-05 09:38 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-30 04:45 --------- d-----w c:\program files\Palm
2008-09-30 04:44 --------- d-----w c:\program files\Common Files\Skyscape
2008-09-25 03:28 134,992 ----a-w C:\QDATA02OFXLOG.DAT
2008-09-19 21:20 --------- d-----w c:\program files\Lavasoft
2008-09-19 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-19 21:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-18 00:00 --------- d-----w c:\program files\Google
2008-09-16 04:36 --------- d-----w c:\program files\MSN Games
2008-09-16 04:34 --------- d-----w c:\program files\Yahoo!
2008-09-16 04:29 --------- d-----w c:\program files\Oberon Media
2008-09-15 07:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 20:42 92,672 ----a-w c:\documents and settings\Administrator\KillBox.exe
2008-09-12 08:36 30,592 ----a-w c:\windows\system32\drivers\Winvb84.sys
2008-09-12 00:55 --------- d-----w c:\documents and settings\Guest\Application Data\alot
2006-11-24 21:28 807,624 ----a-w c:\program files\DF_BHD_Pinger_5_0_BHD_TS_v1_5_0_5_-_Creator_Dstructr.zip
2006-07-11 23:00 5,632 --sha-w c:\program files\Thumbs.db
2005-02-10 07:01 79,068,001 ----a-w c:\program files\Blackopsv1.0.zip
2004-03-15 21:29 299,624 ----a-w c:\program files\dxwebsetup.exe
2003-10-16 00:07 2,245 ----a-w c:\program files\_FILES.PFF
2003-10-14 22:49 84 ----a-w c:\program files\UPDATE.WIZ
2003-10-13 22:31 403 ----a-w c:\program files\STARTUP.HTM
2003-10-06 20:29 4,244 ----a-w c:\program files\Gameerr.bin
2003-10-02 17:18 95,377 ----a-w c:\program files\dfvgame.LWF
2003-09-26 22:21 74,534 ----a-w c:\program files\MogSlm04.3di
2003-09-25 23:44 51,529 ----a-w c:\program files\Gametext.bin
2003-09-25 23:04 353,399 ----a-w c:\program files\FAH6b.3di
2003-09-25 23:03 399,366 ----a-w c:\program files\FAH6a.3di
2003-09-25 22:51 644,422 ----a-w c:\program files\fblkhawk.3di
2003-09-25 22:50 668,018 ----a-w c:\program files\fblkhawf.3di
2003-09-25 22:42 649,693 ----a-w c:\program files\fblkhawd.3di
2003-09-24 22:07 116,841 ----a-w c:\program files\ammo.def
2003-09-23 23:55 81,705 ----a-w c:\program files\weapon.def
2003-09-18 21:27 30,647 ----a-w c:\program files\menutxt.bin
2003-09-17 01:29 29,731 ----a-w c:\program files\EMOTE13.bad
2003-09-16 21:46 8,286 ----a-w c:\program files\DELTA01.ADM
2003-09-16 18:04 1,194,796 ----a-w c:\program files\RE_Bsmt.3di
2003-09-16 16:56 49,566 ----a-w c:\program files\MogSlm01.3di
2003-09-15 20:37 73,497 ----a-w c:\program files\dfvmenus.mnu
2003-07-10 21:35 10,538 ----a-w c:\program files\airexp2.ptl
2003-07-10 21:35 1,614 ----a-w c:\program files\bcasings.ptl
2003-07-10 21:35 1,573 ----a-w c:\program files\casings.ptl
2003-07-08 20:47 18,629 ----a-w c:\program files\bird1.pcx
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11B.til
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11A.til
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11B.bms
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11A.bms
2003-05-20 21:11 9,173 ----a-w c:\program files\KYLE.WAC
2003-05-07 17:28 225,045 ----a-w c:\program files\Btn_ign.tga
2003-04-17 23:47 185,371 ----a-w c:\program files\FHum50N.3di
2003-04-17 23:32 190,602 ----a-w c:\program files\FHum50X.3di
2003-04-17 23:18 167,321 ----a-w c:\program files\FHum50P.3di
2003-04-17 23:04 167,156 ----a-w c:\program files\FHum50.3di
2003-04-14 23:16 28,805 ----a-w c:\program files\FBK_03a.bms
2003-04-14 23:16 28,793 ----a-w c:\program files\FBK_03b.bms
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03b.til
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03a.til
2003-04-10 21:58 1,486,671 ----a-w c:\program files\BHD_ups2.tga
2003-04-09 20:47 64,693 ----a-w c:\program files\SPBHD_14.bms
2003-04-09 20:47 2,233 ----a-w c:\program files\SPBHD_14.til
2003-04-04 22:49 242,110 ----a-w c:\program files\Btn_gmdm.tga
2003-04-04 22:33 254,761 ----a-w c:\program files\Btn_zila.tga
2003-04-04 22:27 102,727 ----a-w c:\program files\Btn_lnk2.tga
2003-04-04 22:23 59,374 ----a-w c:\program files\Btn_ext2.tga
2003-03-26 18:43 28,122 ----a-w c:\program files\SDK_01b.bms
2003-03-26 18:43 10,401 ----a-w c:\program files\SDK_01b.til
2003-03-26 18:41 5,140 ----a-w c:\program files\ADK_02b.til
2003-03-26 18:41 30,835 ----a-w c:\program files\ADK_02b.bms
2003-03-26 18:40 30,101 ----a-w c:\program files\ADK_01b.bms
2003-03-26 18:40 10,429 ----a-w c:\program files\ADK_01b.til
2003-03-25 23:32 32,592 ----a-w c:\program files\CTFK_02b.bms
2003-03-25 23:32 10,455 ----a-w c:\program files\CTFK_02b.til
2003-03-25 23:28 30,106 ----a-w c:\program files\ADK_01a.bms
2003-03-25 23:28 10,429 ----a-w c:\program files\ADK_01a.til
2003-03-25 22:21 13,774 ----a-w c:\program files\dfvdbgov.mnu
2003-03-25 18:52 73,378 ----a-w c:\program files\MogBlk07.3DI
2003-03-25 18:16 31,569 ----a-w c:\program files\SDM_01b.bms
2003-03-25 18:15 31,551 ----a-w c:\program files\SDM_01a.bms
2003-03-25 18:09 6,396 ----a-w c:\program files\DMM_01h.til
2003-03-25 18:09 39,417 ----a-w c:\program files\DMM_01h.bms
2003-03-25 18:03 6,396 ----a-w c:\program files\CTFK_03a.til
2003-03-25 18:03 41,222 ----a-w c:\program files\CTFK_03a.bms
2003-03-25 17:59 6,396 ----a-w c:\program files\CTFK_03b.til
2003-03-25 17:59 41,225 ----a-w c:\program files\CTFK_03b.bms
2003-03-24 22:44 6,569 ----a-w c:\program files\zboard.key
2003-03-24 21:13 31,939 ----a-w c:\program files\SDM_02b.bms
2003-03-24 21:01 20,403 ----a-w c:\program files\SDP_01B.bms
2003-03-24 20:52 19,433 ----a-w c:\program files\SDM_01f.bms
2003-03-24 18:54 55,788 ----a-w c:\program files\CTFM_05B.bms
2003-03-24 18:50 55,998 ----a-w c:\program files\CTFM_05A.bms
2003-03-21 23:15 44,500 ----a-w c:\program files\SPBHD_13.bms
2003-03-21 23:15 10,567 ----a-w c:\program files\SPBHD_13.til
2003-03-21 17:18 31,450 ----a-w c:\program files\TKHM_02b.bms
2003-03-21 17:16 31,424 ----a-w c:\program files\TKHM_02a.bms
.

------- Sigcheck -------

2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2008-04-13 10:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2001-10-16 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"nForce Tray Options"="sstray.exe" [2002-11-12 c:\windows\system32\sstray.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-12-25 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\DRIVERS\si3112r.sys [2005-11-10 102400]

*Newly Created Service* - BITSDCOMLAUNCH
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\User_Feed_Synchronization-{41111FB6-E87B-4712-9635-90034B0CC9F3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-POINTER - point32.exe
HKU-Default-Run-brastk - c:\windows\system32\brastk.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nj8ii6fe.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 09:55:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AlerterRasAutoAticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AlerterRpcSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtCiSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateLmHosts]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITSDcomLaunch]
"ImagePath"=" û\06 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Browseraspnet_stateLmHosts]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Browserwuauserv]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BrowserwuauservALG]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BrowserwuauservW32TimeSpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\clr_optimization_v2.0.50727_32RasMan]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMSysAppFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DhcpNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadminEventlog]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Dnscachegusvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemgusvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemgusvcWMPNetworkSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvcstisvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServaspnet_state]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHostsNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerRSVP]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVC]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServerTrkWksALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEclr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm Smart]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdmgusvcstisvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetmanSamSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetmanWMPNetworkSvcNtmsSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NlaSENS]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvchkmsvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvcRemoteAccess]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvcRemoteAccessDhcpNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentWebClientWmiApSrv]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAutoAticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccessNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccessPolicyAgentWebClient]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocatorRemoteAccessNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvrThemes]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogonALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccessWMPNetworkSvcNtmsSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection Service for CDROM Access]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverT]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlay]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler Smart]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerAudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVEventSystem]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrvSharedAccess]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksALG]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWkslanmanserver]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksNetmanSamSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPSAudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32TimeSpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmtWmdmPmSNaspnet_stateLmHosts]
"ImagePath"=" û\06 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSNaspnet_stateLmHosts]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvRemoteAccessNtLmSsp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcNtmsSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcNtmsSvcTermService]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcWebClientDhcp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc Service for CDROM Access]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvcDhcp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservDhcp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlog]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlogImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlogImapiServicegusvc]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Dennis\LOCALS~1\Temp\_iu14D2N.tmp
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-09 10:04:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 18:03:58

Pre-Run: 59,668,885,504 bytes free
Post-Run: 59,727,052,800 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /bootlog

524 --- E O F --- 2008-09-27 04:11:43
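The ComboFix log above contains the indicators a helper reads it for: a run of numeric-named executables dropped into the drivers folder, an autorun orphan (HKU-Default-Run-brastk) pointing at a file that was just deleted, both Security Center notifications switched off and the standard-profile firewall disabled. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses a constructed log excerpt modelled on those sections and flags each of those indicators. The section headings, registry key paths, value names and file paths are copied from the log above; the excerpt itself is constructed for the example.

```python
"""Triage a ComboFix-style log for security-weakening settings and
dropped-file patterns.  Added example; SAMPLE_LOG is a constructed excerpt
modelled on the posted log, not the real C:\\ComboFix.txt."""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\brastk.exe
c:\windows\system32\brastk.exe
c:\windows\system32\drivers\109.exe
c:\windows\system32\drivers\125.exe
c:\windows\system32\drivers\Windi26.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
"""

# ComboFix marks sections as "(((( Name ))))", "- - - - Name - - - -" or "--- Name ---".
HEADER_RE = re.compile(r"^(?:\(+|(?:- )+|-{3,})\s*(.+?)\s*(?:\)+|(?: -)+|-{3,})$")
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=value
NUMERIC_EXE = re.compile(r"\\drivers\\\d+\.exe$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"-Run-(\S+) - (.+)$", re.IGNORECASE)

# (substring of the key path, value name) -> (value that weakens security, why it matters)
WEAK_SETTINGS = {
    ("security center", "AntiVirusDisableNotify"): (1, "Security Center antivirus alerts suppressed"),
    ("security center", "UpdatesDisableNotify"): (1, "Security Center update alerts suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall"): (0, "Windows Firewall off in standard profile"),
}


def parse_sections(text):
    """Group non-empty log lines under the ComboFix section heading they follow."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def reg_int(raw):
    """Decode the two integer spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def weakened_settings(sections):
    """Return (value name, reason) for every registry value set to a weakening state."""
    findings, key = [], ""
    for line in sections.get("Reg Loading Points", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        for (key_part, vname), (bad, why) in WEAK_SETTINGS.items():
            if key_part in key and vname.lower() == name.lower() and reg_int(raw) == bad:
                findings.append((name, why))
    return findings


def suspicious_deletions(sections):
    """Flag deleted files whose name is just a number, e.g. drivers\109.exe (dropper pattern)."""
    return [l for l in sections.get("Other Deletions", []) if NUMERIC_EXE.search(l)]


def autoruns_pointing_at_deleted_files(sections):
    """Cross-reference removed Run-key orphans with the deleted-file list."""
    deleted = {l.lower() for l in sections.get("Other Deletions", [])}
    hits = []
    for line in sections.get("ORPHANS REMOVED", []):
        m = AUTORUN_RE.search(line)
        if m and m.group(2).strip().lower() in deleted:
            hits.append((m.group(1), m.group(2).strip()))
    return hits


def triage(text):
    s = parse_sections(text)
    return {
        "weak_settings": weakened_settings(s),
        "numeric_exes": suspicious_deletions(s),
        "autorun_hits": autoruns_pointing_at_deleted_files(s),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

On the real log the same three checks fire: the security-center and firewall values are the ones shown under "Reg Loading Points", the thirty-odd numbered executables under "Other Deletions" are the numeric-name pattern, and the `HKU-Default-Run-brastk` orphan resolves to `c:\windows\system32\brastk.exe`, which appears in the deletion list. Each finding is something to re-check after the next scan rather than a verdict in itself.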
 
On a side note, the machine rebooted while running ComboFix. When it came back on, ThreatFire was running again, trying to quarantine it! I deleted ThreatFire (figure I could get it again if I wanted) but don't know if it interfered with the scan. I also noticed on the scan that Ad-Aware was a running program, so I'm gonna delete it too.

Let me know if you want to run a new scan.

Thanks, Dennis. :)
 
On another side note :red: I'm getting a "Messenger Service" popup that says

Message from FROM to TO on 2008-11-09 10:24

STOP! SYSTEM MAY REQUIRE IMMEDIATE ATTENTION

Your operating system registry might be corrupt

To optionally fix your system registry

1. Download Registry Update from: www.helpfixpc.com
2. Install Registy Update
3. Run Registry Update
4. Reboot your computer

FAILURE TO ACT MAY LEAD TO THE FOLLOWING:

1. The compromise of personal information stored on your computer
2. Slow speeds running programs or system failures.

And then it has an OK button at the bottom which I did not push. I just X'd out of it, but it does seem to come back quite often. :oops:
 
Hi,

Sorry for the delay. Power outages today cus the hydro company was doing repairs.

Since you repair-installed Windows, this left you without the XP firewall enabled.
We need to turn that on, especially if you are not behind a router.
You're way behind in patches now, so you are very open to many attacks, but we can't update to SP2 until we finish cleaning out the junk.

Turn on XP firewall till we get to the point where we can install a 3rd party one.
How to:

Go to your control panel & double click "network connections"
Right click your network connection then hit properties.
Hit "advanced" tab.
Checkmark "protect my computer...." and OK out.
You should see the lock on your internet connection meaning firewalled.

The XP firewall only monitors/controls incoming traffic, but it is better than nothing.

----------------------

That message you get is from Messenger service spam.
Messenger service is often used in office type networks for admin to send messages to client computers.
However spammers have found this hole and use it to advertise their junk.
Typical home user will never have the need for this service.
When you had SP2 -- that disabled it but since you are back at SP1 -- it is enabled by default.
We'll disable it & plug that hole & stop some of the traffic.

Click Start > Run, type services.msc and hit Enter.
Scroll down to Messenger & double-click it.
Change the startup type to Disabled.
Hit "Stop".
Then Apply & OK out.
Exit the Services window.

Reboot machine

Run ComboFix again please & post the new C:\ComboFix.txt.

Create a new ERUNT backup when all done & a system restore point.

Next:

Download Dr.Web's CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.

This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

Once the short scan has finished, select the "full system scan"

Click the green arrow > to the right and the scan will begin.

At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all" toggle button (if available) next to the files found

Then click the green cup icon right below and select Move incurable

This will move any infected files that can't be cured to the %userprofile%\DoctorWeb quarantine folder (in case we need samples).

Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web CureIt and restart your computer to completely remove any stubborn files on reboot.

Post back with the DrWeb.csv report please and a new HijackThis log.

Don't worry if DrWeb nuked parts of ComboFix. We can download it again later to finish repairs.

Let me know how the system is running.

Do be extremely careful where you surf & what you download, emails and so on.
You have a limited firewall, are behind on service packs & you just uninstalled ThreatFire, so you are very vulnerable to every piece of junk on the planet. :spider:
Don't run any of your p2p programs!

Thanks :)
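The Messenger-service steps in the post above go through the Services MMC. The same change can be made, and checked, from a command prompt with sc.exe, which ships with Windows XP. The batch file below is an added example, not part of the post or of any tool mentioned in the thread; it assumes the service short name "Messenger" (the XP default) and that it is run from an Administrator account. The firewall part stays a GUI step as the post describes: the `netsh firewall` command context only exists from XP SP2 onward, so on SP1 the Advanced-tab checkbox is the way to turn ICF on.

```batch
@echo off
rem Added example (not from the forum post): disable and stop the Windows XP
rem Messenger service, then verify the result. Assumes the service short name
rem "Messenger" and an Administrator account.

rem 1. Record the current state and start type before changing anything, so
rem    the before/after can be pasted into the thread if needed.
echo === Before ===
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"

rem 2. Set the startup type to Disabled so it does not come back on reboot.
rem    Note: sc.exe requires the space after "start=".
sc config Messenger start= disabled
if errorlevel 1 (
    echo Could not change the startup type. Run this from an Administrator account.
    exit /b 1
)

rem 3. Stop the running instance. "sc stop" reports an error if the service is
rem    already stopped; that is harmless here, so the output is discarded.
sc stop Messenger >nul 2>&1

rem 4. Verify: STATE should read STOPPED and START_TYPE should read DISABLED.
echo === After ===
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"
```

Save it as, for example, disable_messenger.cmd and run it once; after the reboot the post asks for, re-running only the two `sc` lines under "After" confirms the service has stayed disabled. Since the spam popups in the thread arrive over this service, the "STOPPED / DISABLED" pair is also the quick check that the hole is closed before moving on to the CureIt scan.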
 
Here's the ComboFix log:

ComboFix 08-11-07.01 - Dennis 2008-11-10 19:33:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.727 [GMT -8:00]
Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80 . . . . failed to delete
c:\windows\Downloaded Program Files\TriJinx.1.0.0.67 . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-08 17:57 . 2008-11-08 17:57 801,610 --a------ C:\QDATA02.IDX
2008-11-08 16:12 . 2008-11-08 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-11-08 13:39 . 2002-12-04 20:01 820,864 -ra------ c:\windows\system32\drivers\nvmcp.sys
2008-11-08 13:39 . 2002-12-04 20:01 241,664 -ra------ c:\windows\system32\drivers\nvapu.sys
2008-11-08 13:39 . 2002-12-04 20:01 62,336 -ra------ c:\windows\system32\drivers\nvarm.sys
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\OpenAL32.dll
2008-11-08 13:39 . 2002-12-04 20:01 44,032 -ra------ c:\windows\system32\nvopenal.dll
2008-11-08 13:39 . 2002-12-04 20:01 30,720 -ra------ c:\windows\system32\nvasio.dll
2008-11-08 13:39 . 2002-12-04 20:01 13,056 -ra------ c:\windows\system32\drivers\nvax.sys
2008-11-08 13:39 . 2002-12-04 20:01 5,120 -ra------ c:\windows\system32\ALut.dll
2008-11-08 13:39 . 2002-12-04 20:01 4,096 -ra------ c:\windows\system32\nvack.dll
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a------ c:\windows\system32\drivers\portcls.sys
2008-11-08 13:37 . 2002-08-29 02:01 134,272 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-08 13:37 . 2002-08-29 01:32 57,856 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-11-08 13:37 . 2001-08-17 22:37 22,016 --a------ c:\windows\system32\wdmaud.drv
2008-11-08 13:02 . 2002-10-03 23:23 80,896 -ra------ c:\windows\system32\drivers\NVENET.sys
2008-11-08 13:02 . 2002-10-03 23:23 1,024 -ra------ c:\windows\system32\drivers\jedih2rx.bin
2008-11-08 13:02 . 2002-10-03 23:23 122 -ra------ c:\windows\system32\drivers\ramsed.bin
2008-11-08 13:02 . 2002-10-03 23:23 42 -ra------ c:\windows\system32\drivers\jedireg.pat
2008-11-08 12:55 . 2008-11-08 12:55 3,813 --a------ c:\windows\Ascd_tmp.ini
2008-11-08 12:23 . 2008-11-08 13:04 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-08 09:59 . 2008-11-08 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-08 09:35 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2008-11-08 09:35 . 2008-11-10 19:40 88,566 --a------ c:\windows\system32\nvapps.xml
2008-11-08 09:35 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu
2008-11-08 09:33 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-06 14:28 . 2008-11-06 14:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Leadertech
2008-11-04 20:56 . 2008-11-04 21:12 3,484 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-11-04 20:38 . 2002-08-29 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 20:37 . 2001-08-17 22:36 2,134,528 --a--c--- c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2008-11-04 20:36 . 2008-11-04 20:36 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-04 20:36 . 2008-11-04 20:36 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-04 20:34 . 2002-08-29 04:00 106,562 --a--c--- c:\windows\system32\dllcache\srchctls.dll
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 20:34 . 2008-11-04 20:34 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 20:31 . 2002-08-29 04:00 1,267,712 --a--c--- c:\windows\system32\dllcache\cimwin32.dll
2008-11-04 20:26 . 2001-08-17 13:59 50,048 --a------ c:\windows\system32\drivers\DMusic.sys
2008-11-04 20:26 . 2002-08-29 01:32 5,888 --a------ c:\windows\system32\drivers\splitter.sys
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-04 20:11 . 2002-08-29 04:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-04 20:10 . 2002-08-29 04:00 1,086,182 -ra------ c:\windows\SET60.tmp
2008-11-04 20:10 . 2002-08-29 04:00 13,608 -ra------ c:\windows\SET75.tmp
2008-11-04 12:36 . 2002-08-29 01:27 56,576 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-04 12:32 . 2002-08-29 03:46 38,024 --a------ c:\windows\system32\drivers\termdd.sys
2008-11-04 12:31 . 2002-08-29 04:00 696,320 --a--c--- c:\windows\system32\dllcache\sapi.dll
2008-11-04 12:31 . 2002-08-29 04:00 147,456 --a--c--- c:\windows\system32\dllcache\sapi.cpl
2008-11-04 12:31 . 2002-08-29 04:00 132,096 --a------ c:\windows\system\WINSPOOL.DRV
2008-11-04 12:31 . 2002-08-29 03:41 71,168 --a------ c:\windows\system32\storprop.dll
2008-11-04 12:31 . 2002-08-29 04:00 22,016 --a--c--- c:\windows\system32\dllcache\agt0408.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,968 --a--c--- c:\windows\system32\dllcache\agt040e.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt041f.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0419.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0415.dll
2008-11-04 12:31 . 2002-08-29 04:00 19,456 --a--c--- c:\windows\system32\dllcache\agt0405.dll
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a------ c:\windows\system32\drivers\irenum.sys
2008-11-04 12:31 . 2002-08-29 04:00 10,496 --a--c--- c:\windows\system32\dllcache\irenum.sys
2008-10-29 19:10 . 2008-10-29 19:10 20,992 --ahs---- c:\windows\system32\accwizh.dll
2008-10-28 19:41 . 2008-10-28 19:41 <DIR> d-------- c:\program files\ERUNT
2008-10-24 21:34 . 2008-10-24 21:34 <DIR> d-------- C:\New Folder
2008-10-24 21:28 . 2008-10-24 21:28 <DIR> d-------- C:\backups
2008-10-20 17:17 . 2008-10-20 17:17 <DIR> d-------- c:\documents and settings\Guest\Application Data\MX
2008-10-18 16:57 . 2008-11-09 10:02 <DIR> d-------- c:\program files\ThreatFire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 18:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 18:49 --------- d-----w c:\documents and settings\Dennis\Application Data\MSN6
2008-11-06 23:04 --------- d-----w c:\program files\MSN Messenger
2008-11-03 02:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-25 03:59 --------- d-----w c:\program files\Trend Micro
2008-10-19 17:37 --------- d-----w c:\program files\EA GAMES
2008-10-05 09:38 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-30 04:45 --------- d-----w c:\program files\Palm
2008-09-30 04:44 --------- d-----w c:\program files\Common Files\Skyscape
2008-09-25 03:28 134,992 ----a-w C:\QDATA02OFXLOG.DAT
2008-09-19 21:20 --------- d-----w c:\program files\Lavasoft
2008-09-19 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-18 00:00 --------- d-----w c:\program files\Google
2008-09-16 04:36 --------- d-----w c:\program files\MSN Games
2008-09-16 04:34 --------- d-----w c:\program files\Yahoo!
2008-09-16 04:29 --------- d-----w c:\program files\Oberon Media
2008-09-15 07:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 20:42 92,672 ----a-w c:\documents and settings\Administrator\KillBox.exe
2008-09-12 08:36 30,592 ----a-w c:\windows\system32\drivers\Winvb84.sys
2008-09-12 00:55 --------- d-----w c:\documents and settings\Guest\Application Data\alot
2006-11-24 21:28 807,624 ----a-w c:\program files\DF_BHD_Pinger_5_0_BHD_TS_v1_5_0_5_-_Creator_Dstructr.zip
2006-07-11 23:00 5,632 --sha-w c:\program files\Thumbs.db
2005-02-10 07:01 79,068,001 ----a-w c:\program files\Blackopsv1.0.zip
2004-03-15 21:29 299,624 ----a-w c:\program files\dxwebsetup.exe
2003-10-16 00:07 2,245 ----a-w c:\program files\_FILES.PFF
2003-10-14 22:49 84 ----a-w c:\program files\UPDATE.WIZ
2003-10-13 22:31 403 ----a-w c:\program files\STARTUP.HTM
2003-10-06 20:29 4,244 ----a-w c:\program files\Gameerr.bin
2003-10-02 17:18 95,377 ----a-w c:\program files\dfvgame.LWF
2003-09-26 22:21 74,534 ----a-w c:\program files\MogSlm04.3di
2003-09-25 23:44 51,529 ----a-w c:\program files\Gametext.bin
2003-09-25 23:04 353,399 ----a-w c:\program files\FAH6b.3di
2003-09-25 23:03 399,366 ----a-w c:\program files\FAH6a.3di
2003-09-25 22:51 644,422 ----a-w c:\program files\fblkhawk.3di
2003-09-25 22:50 668,018 ----a-w c:\program files\fblkhawf.3di
2003-09-25 22:42 649,693 ----a-w c:\program files\fblkhawd.3di
2003-09-24 22:07 116,841 ----a-w c:\program files\ammo.def
2003-09-23 23:55 81,705 ----a-w c:\program files\weapon.def
2003-09-18 21:27 30,647 ----a-w c:\program files\menutxt.bin
2003-09-17 01:29 29,731 ----a-w c:\program files\EMOTE13.bad
2003-09-16 21:46 8,286 ----a-w c:\program files\DELTA01.ADM
2003-09-16 18:04 1,194,796 ----a-w c:\program files\RE_Bsmt.3di
2003-09-16 16:56 49,566 ----a-w c:\program files\MogSlm01.3di
2003-09-15 20:37 73,497 ----a-w c:\program files\dfvmenus.mnu
2003-07-10 21:35 10,538 ----a-w c:\program files\airexp2.ptl
2003-07-10 21:35 1,614 ----a-w c:\program files\bcasings.ptl
2003-07-10 21:35 1,573 ----a-w c:\program files\casings.ptl
2003-07-08 20:47 18,629 ----a-w c:\program files\bird1.pcx
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11B.til
2003-05-30 21:38 4,553 ----a-w c:\program files\ADP_11A.til
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11B.bms
2003-05-30 21:38 25,647 ----a-w c:\program files\ADP_11A.bms
2003-05-20 21:11 9,173 ----a-w c:\program files\KYLE.WAC
2003-05-07 17:28 225,045 ----a-w c:\program files\Btn_ign.tga
2003-04-17 23:47 185,371 ----a-w c:\program files\FHum50N.3di
2003-04-17 23:32 190,602 ----a-w c:\program files\FHum50X.3di
2003-04-17 23:18 167,321 ----a-w c:\program files\FHum50P.3di
2003-04-17 23:04 167,156 ----a-w c:\program files\FHum50.3di
2003-04-14 23:16 28,805 ----a-w c:\program files\FBK_03a.bms
2003-04-14 23:16 28,793 ----a-w c:\program files\FBK_03b.bms
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03b.til
2003-04-14 23:16 1,540 ----a-w c:\program files\FBK_03a.til
2003-04-10 21:58 1,486,671 ----a-w c:\program files\BHD_ups2.tga
2003-04-09 20:47 64,693 ----a-w c:\program files\SPBHD_14.bms
2003-04-09 20:47 2,233 ----a-w c:\program files\SPBHD_14.til
2003-04-04 22:49 242,110 ----a-w c:\program files\Btn_gmdm.tga
2003-04-04 22:33 254,761 ----a-w c:\program files\Btn_zila.tga
2003-04-04 22:27 102,727 ----a-w c:\program files\Btn_lnk2.tga
2003-04-04 22:23 59,374 ----a-w c:\program files\Btn_ext2.tga
2003-03-26 18:43 28,122 ----a-w c:\program files\SDK_01b.bms
2003-03-26 18:43 10,401 ----a-w c:\program files\SDK_01b.til
2003-03-26 18:41 5,140 ----a-w c:\program files\ADK_02b.til
2003-03-26 18:41 30,835 ----a-w c:\program files\ADK_02b.bms
2003-03-26 18:40 30,101 ----a-w c:\program files\ADK_01b.bms
2003-03-26 18:40 10,429 ----a-w c:\program files\ADK_01b.til
2003-03-25 23:32 32,592 ----a-w c:\program files\CTFK_02b.bms
2003-03-25 23:32 10,455 ----a-w c:\program files\CTFK_02b.til
2003-03-25 23:28 30,106 ----a-w c:\program files\ADK_01a.bms
2003-03-25 23:28 10,429 ----a-w c:\program files\ADK_01a.til
2003-03-25 22:21 13,774 ----a-w c:\program files\dfvdbgov.mnu
2003-03-25 18:52 73,378 ----a-w c:\program files\MogBlk07.3DI
2003-03-25 18:16 31,569 ----a-w c:\program files\SDM_01b.bms
2003-03-25 18:15 31,551 ----a-w c:\program files\SDM_01a.bms
2003-03-25 18:09 6,396 ----a-w c:\program files\DMM_01h.til
2003-03-25 18:09 39,417 ----a-w c:\program files\DMM_01h.bms
2003-03-25 18:03 6,396 ----a-w c:\program files\CTFK_03a.til
2003-03-25 18:03 41,222 ----a-w c:\program files\CTFK_03a.bms
2003-03-25 17:59 6,396 ----a-w c:\program files\CTFK_03b.til
2003-03-25 17:59 41,225 ----a-w c:\program files\CTFK_03b.bms
2003-03-24 22:44 6,569 ----a-w c:\program files\zboard.key
2003-03-24 21:13 31,939 ----a-w c:\program files\SDM_02b.bms
2003-03-24 21:01 20,403 ----a-w c:\program files\SDP_01B.bms
2003-03-24 20:52 19,433 ----a-w c:\program files\SDM_01f.bms
2003-03-24 18:54 55,788 ----a-w c:\program files\CTFM_05B.bms
2003-03-24 18:50 55,998 ----a-w c:\program files\CTFM_05A.bms
2003-03-21 23:15 44,500 ----a-w c:\program files\SPBHD_13.bms
2003-03-21 23:15 10,567 ----a-w c:\program files\SPBHD_13.til
2003-03-21 17:18 31,450 ----a-w c:\program files\TKHM_02b.bms
2003-03-21 17:16 31,424 ----a-w c:\program files\TKHM_02a.bms
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2001-10-16 86016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"nForce Tray Options"="sstray.exe" [2002-11-12 c:\windows\system32\sstray.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-12 45056]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-12-25 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\Abacast\\Abaclient2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\DRIVERS\si3112r.sys [2005-11-10 102400]
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\User_Feed_Synchronization-{41111FB6-E87B-4712-9635-90034B0CC9F3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nj8ii6fe.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:40:26
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AlerterRasAutoAticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AlerterRpcSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtCiSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_stateLmHosts]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITSDcomLaunch]
"ImagePath"=" û\06 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Browseraspnet_stateLmHosts]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Browserwuauserv]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BrowserwuauservALG]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BrowserwuauservW32TimeSpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\clr_optimization_v2.0.50727_32RasMan]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMSysAppFastUserSwitchingCompatibility]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DhcpNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadminEventlog]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Dnscachegusvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemgusvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemgusvcWMPNetworkSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvcstisvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServaspnet_state]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHostsNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerRSVP]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVC]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServerTrkWksALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEclr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm Smart]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdmgusvcstisvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetmanSamSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetmanWMPNetworkSvcNtmsSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NlaSENS]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvchkmsvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvcRemoteAccess]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvcRemoteAccessDhcpNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentWebClientWmiApSrv]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAutoAticlr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccessNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccessPolicyAgentWebClient]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocatorRemoteAccessNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvrThemes]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogonALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccessWMPNetworkSvcNtmsSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection Service for CDROM Access]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverT]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlay]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler Smart]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerAudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVEventSystem]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrvSharedAccess]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksALG]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWkslanmanserver]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksNetmanSamSs]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPSAudioSrvRDSessMgr]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32TimeSpoolerNVSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmtWmdmPmSNaspnet_stateLmHosts]
"ImagePath"=" û\06 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSNaspnet_stateLmHosts]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvRemoteAccessNtLmSsp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcNtmsSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcNtmsSvcTermService]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcWebClient]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvcWebClientDhcp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc Service for CDROM Access]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvcDhcp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservDhcp]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlog]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlogImapiService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauservEventlogImapiServicegusvc]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-10 19:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 03:48:37
ComboFix2.txt 2008-11-09 18:04:04

Pre-Run: 59,642,912,768 bytes free
Post-Run: 59,623,510,016 bytes free

448 --- E O F --- 2008-09-27 04:11:43
 
Wow, a little over 6 hours of scanning! :bigthumb: Here's the DrWeb scan:

RegUBP2b-Dennis.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
107cd1bb-1e50329c\MagicApplet.class;C:\Documents and Settings\Denice\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-1e50329c;VBS.Siggen.1989;;
107cd1bb-1e50329c\OwnClassLoader.class;C:\Documents and Settings\Denice\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-1e50329c;Exploit.ByteVerify;;
107cd1bb-1e50329c\ProxyClassLoader.class;C:\Documents and Settings\Denice\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-1e50329c;Exploit.ByteVerify;;
107cd1bb-1e50329c\Installer.class;C:\Documents and Settings\Denice\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-1e50329c;VBS.Siggen.5970;;
107cd1bb-1e50329c;C:\Documents and Settings\Denice\Application Data\Sun\Java\Deployment\cache\6.0\59;Archive contains infected objects;Moved.;
.tt12.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt13.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt16.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt2.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt3.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt3B.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt4.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt5.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt6.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt7.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.tt8.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
.ttD.tmp.vbs;C:\Documents and Settings\Denice\Local Settings\Temp;Trojan.ResetSR;Deleted.;
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\Dennis\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Dennis\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Dennis\Desktop;Archive contains infected objects;Moved.;
smitRem.exe\smitRem/Process.exe;C:\Documents and Settings\Dennis\My Documents\smitRem.exe;Tool.Prockill;;
smitRem.exe\smitRem/pv.exe;C:\Documents and Settings\Dennis\My Documents\smitRem.exe;Program.PrcView.3741;;
smitRem.exe;C:\Documents and Settings\Dennis\My Documents;Archive contains infected objects;Moved.;
TumblebugsSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;Moved.;
618496_5c3317489_\sdcmon.dll;C:\Program Files\Support.com\backup\sd\sdcmon.dll\618496_5c3317489_;Probably DLOADER.Trojan;;
618496_5c3317489_;C:\Program Files\Support.com\backup\sd\sdcmon.dll;Archive contains infected objects;Moved.;
819200_5be9d0a24_\tgupdate.exe;C:\Program Files\Support.com\backup\tg\tgupdate.exe\819200_5be9d0a24_;Probably DLOADER.Trojan;;
819200_5be9d0a24_;C:\Program Files\Support.com\backup\tg\tgupdate.exe;Archive contains infected objects;Moved.;
sdcmon.dll;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Moved.;
tgupdate.exe;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Moved.;
brastk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.Packed.1214;Deleted.;
karina.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.Proxy.1739;Deleted.;
karna.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS;Trojan.Proxy.1739;Deleted.;
7.tmp.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.1321;Deleted.;
karna.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Proxy.1739;Deleted.;
WinCtrl32.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Bulknet.314;Deleted.;
WinCtrl32.dl_.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Bulknet.314;Deleted.;
wini10541.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.1475;Deleted.;
125.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Fakealert.1321;Deleted.;
156.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.636;Deleted.;
171.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.636;Deleted.;
187.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.4608;Deleted.;
203.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.4608;Deleted.;
31.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
343.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
437.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.12590;Deleted.;
531.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Fakealert.1321;Deleted.;
546.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.4608;Deleted.;
578.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.12590;Deleted.;
640.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.MulDrop.17829;Deleted.;
687.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
718.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
796.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Fakealert.1321;Deleted.;
843.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoad.4608;Deleted.;
890.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Fakealert.1321;Deleted.;
906.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Fakealert.1321;Deleted.;
937.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
984.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.638;Deleted.;
A0000002.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0000037.reg;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;Trojan.StartPage.1505;Deleted.;
A0000059.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0001059.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0001065.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0002065.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0002069.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0002072.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0002076.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0003076.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0003080.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0004080.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0004083.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0005083.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0005093.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0006093.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0006096.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP0;BackDoor.Bulknet.300;Deleted.;
A0007097.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0008096.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0009096.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0010096.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0010099.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0011099.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0012099.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0013099.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0013102.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP1;BackDoor.Bulknet.300;Deleted.;
A0016452.sys;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11;Trojan.Rntm.10;Deleted.;
A0016463.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11;BackDoor.Bulknet.300;Deleted.;
A0016485.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11;BackDoor.Bulknet.314;Deleted.;
A0016490.sys;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11;Trojan.Rntm.10;Deleted.;
A0016532.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11\A0016532.exe;Probably BATCH.Virus;;
A0016532.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11\A0016532.exe;Program.PsExec.171;;
A0016532.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP11;Archive contains infected objects;Moved.;
A0016533.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Click.19754;Deleted.;
A0016536.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12\A0016536.exe;Probably BATCH.Virus;;
A0016536.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12\A0016536.exe;Program.PsExec.171;;
A0016536.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Archive contains infected objects;Moved.;
A0016544.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.1214;Deleted.;
A0016547.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;BackDoor.Bulknet.314;Deleted.;
A0016551.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1475;Deleted.;
A0016553.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
A0016554.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.636;Deleted.;
A0016555.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.636;Deleted.;
A0016556.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.4608;Deleted.;
A0016557.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.4608;Deleted.;
A0016558.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016560.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016561.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.12590;Deleted.;
A0016563.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
A0016564.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.4608;Deleted.;
A0016565.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.12590;Deleted.;
A0016566.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.MulDrop.17829;Deleted.;
A0016567.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016569.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016572.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
A0016573.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.DownLoad.4608;Deleted.;
A0016574.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
A0016575.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
A0016577.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016579.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Packed.638;Deleted.;
A0016591.bat;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Probably BATCH.Virus;Moved.;
A0016680.EXE;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Program.PsExec.170;Moved.;
A0016681.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Click.19754;Deleted.;
A0016682.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Click.19754;Deleted.;
A0016683.scr;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12;Trojan.Fakealert.1321;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP12\snapshot;BackDoor.Bulknet.314;Deleted.;
A0016808.bat;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP14;Probably BATCH.Virus;Moved.;
A0016815.EXE;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP14;Program.PsExec.170;Moved.;
A0016851.reg;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP15;Trojan.StartPage.1505;Deleted.;
A0016852.exe\32788R22FWJFW\C.bat;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP15\A0016852.exe;Probably BATCH.Virus;;
A0016852.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP15\A0016852.exe;Program.PsExec.171;;
A0016852.exe;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP15;Archive contains infected objects;Moved.;
A0014102.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
A0014141.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
A0015155.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
A0016141.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
A0016146.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
A0016271.dll;C:\System Volume Information\_restore{ACCA21CA-BF96-472C-ACAB-F72510896CE8}\RP2;BackDoor.Bulknet.300;Deleted.;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Moved.;
13.tmp;C:\WINDOWS\system32;Trojan.Fakealert.1321;Deleted.;
14.tmp;C:\WINDOWS\system32;Trojan.Fakealert.1321;Deleted.;
 
And the HijackThis log: :bigthumb:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:19 AM, on 11/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gam...cd/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://myspace.oberon-media.com/gam...5/online/diner_dash/en/DinerDash.1.0.0.80.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alerter AlerterRasAutoAticlr_optimization_v2.0.50727_32 (AlerterRasAutoAticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Alerter AlerterRpcSs (AlerterRpcSs) - Unknown owner - .exe (file missing)
O23 - Service: Application Management AppMgmtCiSvc (AppMgmtCiSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtCiSvc AppMgmtCiSvcFastUserSwitchingCompatibility (AppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility (AppMgmtFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service) - Unknown owner - C:\WINDOWS\
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP) - Unknown owner - .exe (file missing)
O23 - Service: Application Management AppMgmtFastUserSwitchingCompatibility AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman (AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman) - Unknown owner - C:\WINDOWS\
O23 - Service: ASP.NET State Service aspnet_stateLmHosts (aspnet_stateLmHosts) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati HotKey Poller Aticlr_optimization_v2.0.50727_32 (Aticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Ati HotKey Poller Aticlr_optimization_v2.0.50727_32 Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService (Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Audio AudioSrvRDSessMgr (AudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Background Intelligent Transfer Service BITSDcomLaunch (BITSDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Computer Browser Browseraspnet_stateLmHosts (Browseraspnet_stateLmHosts) - Unknown owner - .exe (file missing)
O23 - Service: Computer Browser Browserwuauserv (Browserwuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser Browserwuauserv BrowserwuauservALG (BrowserwuauservALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser Browserwuauserv BrowserwuauservW32TimeSpoolerNVSvc (BrowserwuauservW32TimeSpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: ClipBook ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc (ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32RasMan (clr_optimization_v2.0.50727_32RasMan) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppFastUserSwitchingCompatibility (COMSysAppFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ System Application COMSysAppFastUserSwitchingCompatibility COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient (COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DHCP Client DhcpNetman (DhcpNetman) - Unknown owner - .exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: DNS Client Dnscachegusvc (Dnscachegusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ Event System EventSystemgusvc (EventSystemgusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: COM+ Event System EventSystemgusvc EventSystemgusvcWMPNetworkSvc (EventSystemgusvcWMPNetworkSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcstisvc (gusvcstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Human Interface Device Access HidServaspnet_state (HidServaspnet_state) - Unknown owner - .exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsNtLmSsp (LmHostsNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Messenger MessengerRSVP (MessengerRSVP) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC (MSDTCWZCSVC) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Transaction Coordinator MSDTCWZCSVC MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart (MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart) - Unknown owner - .exe (file missing)
O23 - Service: Windows Installer MSIServerTrkWksALG (MSIServerTrkWksALG) - Unknown owner - .exe (file missing)
O23 - Service: Network DDE NetDDEclr_optimization_v2.0.50727_32 (NetDDEclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE DSDM NetDDEdsdm Smart (NetDDEdsdm Smart) - Unknown owner - C:\WINDOWS\
O23 - Service: Network DDE DSDM NetDDEdsdmgusvcstisvc (NetDDEdsdmgusvcstisvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Connections NetmanSamSs (NetmanSamSs) - Unknown owner - .exe (file missing)
O23 - Service: Network Connections NetmanWMPNetworkSvcNtmsSvc (NetmanWMPNetworkSvcNtmsSvc) - Unknown owner - .exe (file missing)
O23 - Service: Network Location Awareness (NLA) NlaSENS (NlaSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: NVIDIA Driver Helper Service NVSvchkmsvc (NVSvchkmsvc) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Driver Helper Service NVSvcRemoteAccess (NVSvcRemoteAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Driver Helper Service NVSvcRemoteAccess NVSvcRemoteAccessDhcpNetman (NVSvcRemoteAccessDhcpNetman) - Unknown owner - .exe (file missing)
O23 - Service: IPSEC Services PolicyAgentWebClient (PolicyAgentWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: IPSEC Services PolicyAgentWebClient PolicyAgentWebClientWmiApSrv (PolicyAgentWebClientWmiApSrv) - Unknown owner - .exe (file missing)
O23 - Service: Remote Access Auto Connection Manager RasAutoAticlr_optimization_v2.0.50727_32 (RasAutoAticlr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessNtLmSsp (RemoteAccessNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Routing and Remote Access RemoteAccessPolicyAgentWebClient (RemoteAccessPolicyAgentWebClient) - Unknown owner - .exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorRemoteAccessNtLmSsp (RpcLocatorRemoteAccessNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Smart Card SCardSvrThemes (SCardSvrThemes) - Unknown owner - C:\WINDOWS\
O23 - Service: Secondary Logon seclogonALG (seclogonALG) - Unknown owner - .exe (file missing)
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) SharedAccessWMPNetworkSvcNtmsSvc (SharedAccessWMPNetworkSvcNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetection Service for CDROM Access (ShellHWDetection Service for CDROM Access) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT (ShellHWDetectionIDriverT) - Unknown owner - C:\WINDOWS\
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay (ShellHWDetectionIDriverTPlugPlay) - Unknown owner - .exe (file missing)
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess (ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess) - Unknown owner - .exe (file missing)
O23 - Service: Shell Hardware Detection ShellHWDetectionIDriverT ShellHWDetectionIDriverTPlugPlay ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp (ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Print Spooler Spooler Smart (Spooler Smart) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerAudioSrvRDSessMgr (SpoolerAudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Print Spooler SpoolerAudioSrvRDSessMgr SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc (SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: Print Spooler SpoolerNVSvc (SpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVEventSystem (SSDPSRVEventSystem) - Unknown owner - C:\WINDOWS\
O23 - Service: SSDP Discovery Service SSDPSRVEventSystem SSDPSRVEventSystemwuauservEventlogImapiServicegusvc (SSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvSharedAccess (SwPrvSharedAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Performance Logs and Alerts SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility (SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Link Tracking Client TrkWksALG (TrkWksALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWksALG TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc (TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Link Tracking Client TrkWksImapiService (TrkWksImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Distributed Link Tracking Client TrkWkslanmanserver (TrkWkslanmanserver) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Link Tracking Client TrkWksNetmanSamSs (TrkWksNetmanSamSs) - Unknown owner - .exe (file missing)
O23 - Service: Uninterruptible Power Supply UPSAudioSrvRDSessMgr (UPSAudioSrvRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Time W32TimeSpoolerNVSvc (W32TimeSpoolerNVSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Management Instrumentation winmgmtWmdmPmSNaspnet_stateLmHosts (winmgmtWmdmPmSNaspnet_stateLmHosts) - Unknown owner - .exe (file missing)
O23 - Service: Portable Media Serial Number Service WmdmPmSNaspnet_stateLmHosts (WmdmPmSNaspnet_stateLmHosts) - Unknown owner - .exe (file missing)
O23 - Service: WMI Performance Adapter WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility (WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: WMI Performance Adapter WmiApSrvRemoteAccessNtLmSsp (WmiApSrvRemoteAccessNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcNtmsSvc (WMPNetworkSvcNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcNtmsSvc WMPNetworkSvcNtmsSvcTermService (WMPNetworkSvcNtmsSvcTermService) - Unknown owner - .exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcWebClient (WMPNetworkSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Media Player Network Sharing Service WMPNetworkSvcWebClient WMPNetworkSvcWebClientDhcp (WMPNetworkSvcWebClientDhcp) - Unknown owner - .exe (file missing)
O23 - Service: Security Center wscsvc Service for CDROM Access (wscsvc Service for CDROM Access) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvcDhcp (wscsvcDhcp) - Unknown owner - .exe (file missing)
O23 - Service: Automatic Updates wuauservDhcp (wuauservDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog (wuauservEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog wuauservEventlogImapiService (wuauservEventlogImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates wuauservEventlog wuauservEventlogImapiService wuauservEventlogImapiServicegusvc (wuauservEventlogImapiServicegusvc) - Unknown owner - C:\WINDOWS\

--
End of file - 20187 bytes
 
Looking forward to updating Windows so it will be safer & re-installing some kind of anti malware stuff. Let me know what the new logs are tellin' ya.

Thanks again for your time & patience. :bigthumb:
 
Hi,

Sorry for the late reply..
Lemme look over your logs and see what is left of the battle. :D
 
Hi,

Please don't leave machine connected to net unless doing stuff here. You have no AV and no decent firewall so your risk of more infections is high.

See if you can get Windows firewall working to give you at least incoming protection.

Open control panel then "network connections"
Right click your connection> properties> advanced> check the box that says "protect my computer...."
Apply & OK out.
Let me know if this fails.

Leave DrWeb's quarantined stuff alone a bit. It tagged some support stuff that came with system we should restore when we're done.

I think we're still rooted.

Download Gmer from here:

http://www.gmer.net/gmer.zip

Unzip it to its own folder.
Disconnect from internet & shut down Antivirus to prevent conflicts.
Shut down also any other unneeded apps including any open browser windows.
The less stuff we got running the less chance of false positives in log.
Double click gmer.exe to run it.
Allow driver to install if asked (gmer.sys)
You may get a warning at program start that there is possible rootkit activity and do you want to run scan.

Say OK to run scan.
If no warning, just click "scan".
Let the scan finish.
Once done press "save"
In the new window that pops up, give the log a name and save it someplace handy.
Press save.

Re-connect to net & post that log here.

Let me know if Gmer gives you errors.

Thanks :)
 
We had already done the "protect my computer" thing on a previous post & it was still checked.
Gmer did not give me any errors & I have been leaving the infected computer "unplugged" from the interweb. :)

Here's the Gmer log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-14 15:40:55
Windows 5.1.2600 Service Pack 1


---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1604] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 9 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{00C3B745-478E-8E44-2308-95EE1E35FF0D}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{00C3B745-478E-8E44-2308-95EE1E35FF0D}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{00C3B745-478E-8E44-2308-95EE1E35FF0D}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{00C3B745-478E-8E44-2308-95EE1E35FF0D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{00C3B745-478E-8E44-2308-95EE1E35FF0D}\ProgID@ ScriptletHandler.Event
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32@Class System.Runtime.Remoting.Metadata.SoapMethodAttribute
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Metadata.SoapMethodAttribute
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\InprocServer32\2.0.0.0@Class System.Runtime.Remoting.Metadata.SoapMethodAttribute
Reg HKLM\SOFTWARE\Classes\CLSID\{01315B19-6FC4-3686-A23D-C098D0CB5225}\ProgId@ System.Runtime.Remoting.Metadata.SoapMethodAttribute
Reg HKLM\SOFTWARE\Classes\CLSID\{1826CDB1-DCCF-490E-89C8-C722F9CF83C1}\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\ExtendedErrors@ Extended Error Service
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\ExtendedErrors\{00000542-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\ExtendedErrors\{00000542-0000-0010-8000-00AA006D2EA4}@ ADO Error Lookup
Reg HKLM\SOFTWARE\Classes\CLSID\{392EC2A0-4691-7FCE-606F-8878B7875A35}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{392EC2A0-4691-7FCE-606F-8878B7875A35}\Ole1Class@ SoundRec
Reg HKLM\SOFTWARE\Classes\CLSID\{392EC2A0-4691-7FCE-606F-8878B7875A35}\ProgID@ SoundRec
Reg HKLM\SOFTWARE\Classes\CLSID\{392EC2A0-4691-7FCE-606F-8878B7875A35}\TreatAs@ {00020C01-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\LocalServer32@ C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\ProgID@ gcasDtServ.AgentDataStore
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\TypeLib@ {CEACE91F-3F71-4A8C-B952-63716B2BC026}
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\VERSION@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\InProcServer32@ C:\PROGRA~1\Canon\Program\zb_ui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\InProcServer32@InProcServer32 TVUAg`ee,?6-Bi,e_GnvFEAT_ZoomBrowserCore>]^c%+el*f8WZf4TV%v0t?
Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\InProcServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\ProgID@ Zb_ui.ZbUiRootFolderItem.1
Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\VersionIndependentProgID@ Zb_ui.ZbUiRootFolderItem
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InProcServer32@ C:\WINDOWS\system32\wshom.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\ProgID@ WScript.Network.1
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\VersionIndependentProgID@ WScript.Network
Reg HKLM\SOFTWARE\Classes\CLSID\{942D82A5-DA03-640B-5E19-3CBD62700780}\CurVer@ Zb_ui.ZbUiMyDocumentsFolderItem.1
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\CONTROL@
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\INPROCSERVER@ C:\WINDOWS\System\THREED16.OCX
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\InprocServer32@ C:\WINDOWS\System32\threed32.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\MISCSTATUS@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\MISCSTATUS\1
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\MISCSTATUS\1@ 237969
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\PROGID@ Threed.SSPanel
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\TOOLBOXBITMAP@ C:\WINDOWS\System\THREED16.OCX, 4
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\ToolboxBitmap32@ C:\WINDOWS\System32\threed32.ocx, 4
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\TYPELIB@ {0BA686C6-F7D3-101A-993E-0000C0EF6F5E}
Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\VERSION@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{AB35CCB6-940C-C903-1BFC-8E0B382A26E8}\InprocServer32@ C:\PROGRA~1\MICROS~2\Office\OUTLAS9.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Conversion\Readable
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Conversion\Readable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Conversion\Readable\Main@ WordArt
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\0@ 3,-1,32,1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\1@ 1,-1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\2
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DataFormats\GetSet\2@ MSWordArt.2,-1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\DefaultIcon@ C:\WINDOWS\Installer\{00040409-78E1-11D2-B60F-006097C998E7}\wa32ico.exe,1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\LocalServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WordArt\WRDART32.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\LocalServer32@LocalServer32 5LL!!gxsf(Ng]qF`H{LsPubToolsWordArt>289lbwAlf(rW&!!cF5I6?
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\MiscStatus@0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\MiscStatus \1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\MiscStatus \1@ 1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\ProgID@ MSWordArt.2
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\Verb\1@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{C2E222F7-AC2F-CCF7-6FC6-418B73DDB9E9}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C2E222F7-AC2F-CCF7-6FC6-418B73DDB9E9}\InprocServer32@ C:\WINDOWS\system32\msi.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C2E222F7-AC2F-CCF7-6FC6-418B73DDB9E9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C2E222F7-AC2F-CCF7-6FC6-418B73DDB9E9}\ProgId@ WindowsInstaller.Installer
Reg HKLM\SOFTWARE\Classes\CLSID\{C2E222F7-AC2F-CCF7-6FC6-418B73DDB9E9}\TypeLib@ {000C1092-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\AutoConvertTo@ {00020820-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\DefaultIcon@ C:\PROGRA~1\MICROS~2\Office\EXCEL.EXE,1
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\NotInsertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\Ole1Class@ ExcelWorksheet
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\ProgID@ ExcelWorksheet
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\RTFClassName@ MSBiff
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\TreatAs@ {00020820-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{EB9A3602-1A27-35A0-22AE-35C6E60CA4B0}\InprocServer32@ C:\Program Files\Microsoft Office\Office\1033\fvfxs.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{EB9A3602-1A27-35A0-22AE-35C6E60CA4B0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FBC056B4-1F31-6BD6-5062-8DE2F1119AF7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{FBC056B4-1F31-6BD6-5062-8DE2F1119AF7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{FBC056B4-1F31-6BD6-5062-8DE2F1119AF7}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{FBC056B4-1F31-6BD6-5062-8DE2F1119AF7}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FBC056B4-1F31-6BD6-5062-8DE2F1119AF7}\ProgID@ ScriptletHandler.Event
Reg HKLM\SOFTWARE\Classes\IrfanView@ IrfanView
Reg HKLM\SOFTWARE\Classes\IrfanView\shell
Reg HKLM\SOFTWARE\Classes\IrfanView\shell\open
Reg HKLM\SOFTWARE\Classes\IrfanView\shell\open\command
Reg HKLM\SOFTWARE\Classes\IrfanView\shell\open\command@ "C:\Documents and Settings\All Users\Documents\i_view32.exe" "%1"

---- EOF - GMER 1.0.14 ----
 
Hi,

We had already done the "protect my computer" thing on a previous post & it was still checked.
Gmer did not give me any errors & I have been leaving the infected computer "unplugged" from the interweb.

Good :)

I'm kinda stumped on what all those funny looking services are.
I would like to have a look at an export of that key.
Actually what might be easier...

Create a new erunt backup.

Go to this folder:
C:\windows\erdnt\{todays date}

Right click on file called "system"> send to> compressed (zipped) folder.

Upload "system.zip" to this site:

http://www.uploadmalware.com

Please leave link in space provided to this thread so I know whose file it is.

Once uploaded you can delete "system.zip"

Thanks :)
 
Got the file.
Thanks :)

It's going to take me a bit to go through it.
I want to make sure the legit services are not dependent on the funky ones before we remove 'em.
Man -- I would love to know what the heck you hit. :spider:
 
OK.. :spider:

Delete current version of ComboFix & grab a new one:

Link 1
Link 2
Link 3

Save to desktop.

Click start> run> type notepad and hit enter.
Click the "format" menu & ensure "wordwrap" is UNchecked.

Copy the following text to the open notepad:

Code:
driver::
AlerterRasAutoAticlr_optimization_v2.0.50727_32
AlerterRpcSs
AppMgmtCiSvc
AppMgmtCiSvcFastUserSwitchingCompatibility
AppMgmtFastUserSwitchingCompatibility
AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService
AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService PMSP Service
AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceMessengerRSVP
AppMgmtFastUserSwitchingCompatibilityTrkWksImapiServiceNetman
aspnet_stateLmHosts
Aticlr_optimization_v2.0.50727_32
Aticlr_optimization_v2.0.50727_32AppMgmtFastUserSwitchingCompatibilityTrkWksImapiService
AudioSrvRDSessMgr
BITSDcomLaunch
Browseraspnet_stateLmHosts
Browserwuauserv
BrowserwuauservALG
BrowserwuauservW32TimeSpoolerNVSvc
ClipSrvSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
clr_optimization_v2.0.50727_32RasMan
COMSysAppFastUserSwitchingCompatibility
COMSysAppFastUserSwitchingCompatibilityWMPNetworkSvcWebClient
DhcpNetman
dmadminEventlog
Dnscachegusvc
EventSystemgusvc
EventSystemgusvcWMPNetworkSvc
gusvcstisvc
HidServaspnet_state
LmHostsNtLmSsp
MessengerRSVP
MSDTCWZCSVC
MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility
MSDTCWZCSVCAppMgmtCiSvcFastUserSwitchingCompatibility Smart
MSIServerTrkWksALG
NetDDEclr_optimization_v2.0.50727_32
NetDDEdsdm Smart
NetDDEdsdmgusvcstisvc
NetmanSamSs
NetmanWMPNetworkSvcNtmsSvc
NlaSENS
NVSvchkmsvc
NVSvcRemoteAccess
NVSvcRemoteAccessDhcpNetman
PolicyAgentWebClient
PolicyAgentWebClientWmiApSrv
RasAutoAticlr_optimization_v2.0.50727_32
RemoteAccessNtLmSsp
RemoteAccessPolicyAgentWebClient
RpcLocatorRemoteAccessNtLmSsp
SCardSvrThemes
seclogonALG
SharedAccessWMPNetworkSvcNtmsSvc
ShellHWDetection Service for CDROM Access
ShellHWDetectionIDriverT
ShellHWDetectionIDriverTPlugPlay
ShellHWDetectionIDriverTPlugPlayNVSvcRemoteAccess
ShellHWDetectionIDriverTPlugPlayRpcLocatorRemoteAccessNtLmSsp
Spooler Smart
SpoolerAudioSrvRDSessMgr
SpoolerAudioSrvRDSessMgrTrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
SpoolerNVSvc
SSDPSRVEventSystem
SSDPSRVEventSystemwuauservEventlogImapiServicegusvc
SwPrvSharedAccess
SysmonLogAppMgmtCiSvcFastUserSwitchingCompatibility
TrkWksALG
TrkWksALGSSDPSRVEventSystemwuauservEventlogImapiServicegusvc
TrkWksImapiService
TrkWkslanmanserver
TrkWksNetmanSamSs
UPSAudioSrvRDSessMgr
W32TimeSpoolerNVSvc
winmgmtWmdmPmSNaspnet_stateLmHosts
WmdmPmSNaspnet_stateLmHosts
WmiApSrvAppMgmtCiSvcFastUserSwitchingCompatibility
WmiApSrvRemoteAccessNtLmSsp
WMPNetworkSvcNtmsSvc
WMPNetworkSvcNtmsSvcTermService
WMPNetworkSvcWebClient
WMPNetworkSvcWebClientDhcp
wscsvcDhcp
wuauservDhcp
wuauservEventlog
wuauservEventlogImapiService
wuauservEventlogImapiServicegusvc

Save file as file name cfscript.txt to the desktop.

Shut off any security apps you have running.
Drag CFscript.txt on top of Combofix & drop it.
Follow prompts from ComboFix.

Once done it will create log. (c:\combofix.txt)
Please post contents of that log along with a new hijackthis log.

Let me know how machine is running at this point.
We will likely have more work to do.

Thanks :)
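The "funny looking services" the helper puzzled over a few posts up, and the driver:: list in the CFScript above, share one pattern: each bogus service short name is two or more legitimate XP service names glued together, and most of them point at a missing binary or a bare C:\WINDOWS\ directory. The script below is an added example (written for this page, not a tool from the thread or from ComboFix/HijackThis) that parses HijackThis O23 lines and flags exactly those traits, returning the short names a triage list like the one above would be built from. The KNOWN_SERVICES set is a partial, hand-built list of XP service names seen in this thread's log, the SAMPLE_LOG lines are constructed to resemble it, and the function names segment, analyze_o23 and suspicious_service_names are my own.

```python
import re
from typing import Optional

# Partial list of service short names that are legitimate on the XP box in
# the thread (built-in XP services plus the vendor services NVSvc and gusvc
# that its log shows). Constructed for this example; extend it for your image.
KNOWN_SERVICES = {
    "ALG", "AppMgmt", "AudioSrv", "Browser", "CiSvc", "Dhcp", "Dnscache",
    "Eventlog", "EventSystem", "FastUserSwitchingCompatibility", "gusvc",
    "ImapiService", "lanmanserver", "LmHosts", "Netman", "NtLmSsp", "NtmsSvc",
    "NVSvc", "RDSessMgr", "RemoteAccess", "SamSs", "SharedAccess", "Spooler",
    "SSDPSRV", "SwPrv", "SysmonLog", "TermService", "TrkWks", "UPS", "W32Time",
    "WebClient", "winmgmt", "WmdmPmSN", "WmiApSrv", "WMPNetworkSvc", "wscsvc",
    "wuauserv", "aspnet_state",
}

# HijackThis O23 line: "O23 - Service: <display> (<short name>) - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.*)$"
)

# Constructed sample log, modelled on the shapes in the thread (one clean
# vendor service, one clean Microsoft service, four of the glued-together kind).
SAMPLE_LOG = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates wuauservEventlog (wuauservEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Security Center wscsvcDhcp (wscsvcDhcp) - Unknown owner - .exe (file missing)
O23 - Service: Distributed Link Tracking Client TrkWksNetmanSamSs (TrkWksNetmanSamSs) - Unknown owner - .exe (file missing)
O23 - Service: Security Center wscsvc Service for CDROM Access (wscsvc Service for CDROM Access) - Unknown owner - C:\WINDOWS\
"""


def segment(name: str, known=KNOWN_SERVICES) -> Optional[list]:
    """Split `name` into a sequence of known service names, or return None.

    Dynamic programming over prefixes: best[i] holds a valid split of name[:i].
    Case-sensitive on purpose; the glued names keep each piece's original case.
    """
    n = len(name)
    best = [None] * (n + 1)
    best[0] = []
    for i in range(1, n + 1):
        for j in range(i - 1, -1, -1):
            if best[j] is not None and name[j:i] in known:
                best[i] = best[j] + [name[j:i]]
                break
    return best[n]


def analyze_o23(log_text: str) -> list:
    """Return one finding per suspicious O23 line: short name, display name, reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        reasons = []
        parts = segment(name)
        # A short name that is not itself known but decomposes into 2+ known
        # names is the concatenation pattern seen throughout the thread.
        if name not in KNOWN_SERVICES and parts and len(parts) > 1:
            reasons.append("name is a concatenation of " + "+".join(parts))
        if "(file missing)" in path:
            reasons.append("service binary missing")
        elif path.endswith("\\"):
            reasons.append("image path is a bare directory")
        if reasons:
            findings.append({"name": name, "display": m.group("display"), "reasons": reasons})
    return findings


def suspicious_service_names(log_text: str) -> list:
    """Short names of flagged services, in log order. Deciding what to remove
    (and checking dependencies first, as the helper does) stays a human step."""
    return [f["name"] for f in analyze_o23(log_text)]


if __name__ == "__main__":
    for finding in analyze_o23(SAMPLE_LOG):
        print(f"{finding['name']}: {'; '.join(finding['reasons'])}")
```

Run against a full HijackThis log, the flagged names come out in the same order the O23 section lists them, which makes it easy to diff the result against the driver:: list the helper wrote by hand. The concatenation check never fires on a single known name such as W32Time, and a name containing spaces (the "Service for CDROM Access" variant) is caught only by its bare-directory image path, so the known-service list decides recall: the shorter it is, the more glued names fall through unflagged.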
 