OTMoveIt log:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\CSCDL.dll
C:\WINDOWS\system32\CSCDL.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\CSCDL.dll scheduled to be moved on reboot.
C:\Program Files\Helper moved successfully.
File/Folder C:\DOCUME~1\emil\LOCALS~1\Temp\wdc1.exe not found.
File/Folder C:\DOCUME~1\emil\LOCALS~1\Temp\wda2.exe not found.
File/Folder C:\WINDOWS\wdm3.exe not found.
File/Folder C:\WINDOWS\wdu4.exe not found.
File/Folder C:\WINDOWS\system32\ctfmona.exe not found.
C:\Program Files\AntiVirusPro\Quarantine moved successfully.
C:\Program Files\AntiVirusPro moved successfully.
File/Folder C:\Program Files\Ultimate Cleaner not found.
File/Folder C:\DOCUME~1\emil\LOCALS~1\Temp\wdc5.exe not found.
File/Folder C:\WINDOWS\wdm7.exe not found.
File/Folder C:\WINDOWS\wdu8.exe not found.
LoadLibrary failed for C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wowfx.dll NOT unregistered.
C:\WINDOWS\system32\wowfx.dll moved successfully.
OTMoveIt2 v1.0.17 log created on 02062008_000427
ComboFix
ComboFix 08-02.05.3 - emil 2008-02-06 0:15:33.1 - NTFSx86
Running from: C:\Documents and Settings\emil\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\emil\Application Data\Ultimate Cleaner
C:\Documents and Settings\emil\Application Data\Ultimate Cleaner\settings.dat
C:\Documents and Settings\emil\Application Data\Ultimate Defender
C:\Documents and Settings\emil\Application Data\Ultimate Defender\logs\1158895062.log
C:\Documents and Settings\emil\Application Data\Ultimate Defender\logs\1163726017.log
C:\Documents and Settings\emil\Application Data\Ultimate Defender\logs\1163735772.log
C:\Documents and Settings\emil\Application Data\ultra
C:\Documents and Settings\emil\Application Data\ultra\uninstall.bat
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\cscdl.dll
C:\WINDOWS\system32\drivers\dpgmrhqi.dat
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete
C:\WINDOWS\system32\wscmp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTLOAD
-------\LEGACY_WUOZKAZW
-------\wuozkazw
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.
2008-02-06 00:04 . 2008-02-06 00:04 <DIR> d-------- C:\_OTMoveIt
2008-02-05 23:59 . 2008-02-06 00:00 <DIR> d-------- C:\Documents and Settings\emil\Application Data\AVG7
2008-02-05 23:58 . 2008-02-05 23:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 23:57 . 2008-02-05 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-05 22:53 . 2008-02-05 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-02-05 22:53 . 2008-02-05 22:53 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-02-05 22:53 . 2008-02-05 22:53 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-02-05 22:53 . 2008-02-05 22:53 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-05 20:32 . 2008-02-05 20:29 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-05 20:29 . 2008-02-05 22:32 <DIR> d-------- C:\Documents and Settings\emil\.housecall6.6
2008-02-05 20:27 . 2008-02-05 20:27 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-05 19:44 . 2008-02-05 19:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 18:14 . 2008-02-05 18:14 269,334 --a------ C:\WINDOWS\SYSTEM32\edorelknepgnid.bmp
2008-02-05 18:10 . 2008-02-05 18:10 269,334 --a------ C:\WINDOWS\SYSTEM32\dobqtob.bmp
2008-02-05 16:45 . 2008-02-05 16:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-02-05 16:37 . 2008-02-05 16:37 <DIR> d-------- C:\Program Files\CCleaner
2008-02-05 16:32 . 2008-02-05 16:32 <DIR> d-------- C:\Documents and Settings\emil\Application Data\Grisoft
2008-02-05 16:32 . 2008-02-05 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 16:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-02-05 16:13 . 2008-02-05 16:13 269,334 --a------ C:\WINDOWS\SYSTEM32\srqlknqt.bmp
2008-02-05 15:45 . 2008-02-05 15:46 230,912 --a------ C:\WINDOWS\SYSTEM32\wscmp.dll.tmp
2008-02-05 15:42 . 2008-02-05 15:42 269,334 --a------ C:\WINDOWS\SYSTEM32\ormdsjatkbip.bmp
2008-02-05 15:31 . 2008-02-05 15:31 269,334 --a------ C:\WINDOWS\SYSTEM32\crihcrmlkbmt.bmp
2008-02-04 23:56 . 2008-02-04 23:56 269,334 --a------ C:\WINDOWS\SYSTEM32\cjqlcfmlcnmtob.bmp
2008-02-04 20:41 . 2008-02-04 20:41 269,334 --a------ C:\WINDOWS\SYSTEM32\obepkfetonahgn.bmp
2008-02-04 19:55 . 2008-02-04 19:55 269,334 --a------ C:\WINDOWS\SYSTEM32\snetsr.bmp
2008-02-04 16:28 . 2008-02-04 16:28 269,334 --a------ C:\WINDOWS\SYSTEM32\ofilgnatoradcf.bmp
2008-02-04 13:18 . 2008-02-04 13:18 269,334 --a------ C:\WINDOWS\SYSTEM32\cjmpobidgjit.bmp
2008-02-04 11:58 . 2008-02-04 11:58 269,334 --a------ C:\WINDOWS\SYSTEM32\kfadcbilcrqh.bmp
2008-02-03 21:28 . 2008-02-03 21:28 269,334 --a------ C:\WINDOWS\SYSTEM32\bqdgbmlcnahkn.bmp
2008-02-03 21:25 . 2008-02-03 21:25 269,334 --a------ C:\WINDOWS\SYSTEM32\bapcfahcjip.bmp
2008-02-03 20:57 . 2008-02-03 20:57 269,334 --a------ C:\WINDOWS\SYSTEM32\tkbqtgfmp.bmp
2008-02-03 20:43 . 2008-02-03 20:43 269,334 --a------ C:\WINDOWS\SYSTEM32\adsfqlkrap.bmp
2008-02-03 20:27 . 2008-02-03 20:27 269,334 --a------ C:\WINDOWS\SYSTEM32\snmtsridkb.bmp
2008-02-03 12:17 . 2008-02-03 12:17 269,334 --a------ C:\WINDOWS\SYSTEM32\tobidobqhoj.bmp
2008-02-02 23:14 . 2008-02-02 23:14 269,334 --a------ C:\WINDOWS\SYSTEM32\ojitsrmh.bmp
2008-02-02 22:13 . 2008-02-02 22:13 269,334 --a------ C:\WINDOWS\SYSTEM32\lcbmlcjitsb.bmp
2008-02-02 16:38 . 2008-02-02 16:38 269,334 --a------ C:\WINDOWS\SYSTEM32\tcjmpojahgbih.bmp
2008-02-02 13:00 . 2008-02-02 13:00 269,334 --a------ C:\WINDOWS\SYSTEM32\tobedonaporad.bmp
2008-02-01 19:30 . 2008-02-01 19:30 269,334 --a------ C:\WINDOWS\SYSTEM32\hcbmdorqtkf.bmp
2008-02-01 18:14 . 2008-02-01 18:14 269,334 --a------ C:\WINDOWS\SYSTEM32\pcfmpgbqp.bmp
2008-02-01 11:03 . 2008-02-01 11:03 269,334 --a------ C:\WINDOWS\SYSTEM32\grehknadcrel.bmp
2008-02-01 10:49 . 2008-02-05 15:48 3,262 --a------ C:\WINDOWS\SYSTEM32\sex5.ico
2008-02-01 10:48 . 2008-02-01 19:00 3,262 --a------ C:\WINDOWS\SYSTEM32\sex4.ico
2008-02-01 10:48 . 2008-02-01 19:02 3,262 --a------ C:\WINDOWS\SYSTEM32\sex3.ico
2008-02-01 10:47 . 2008-02-01 18:18 3,262 --a------ C:\WINDOWS\SYSTEM32\sex2.ico
2008-02-01 10:47 . 2008-02-05 15:48 3,262 --a------ C:\WINDOWS\SYSTEM32\sex1.ico
2008-02-01 10:44 . 2008-02-01 10:44 269,334 --a------ C:\WINDOWS\SYSTEM32\bipcn.bmp
2008-01-31 20:43 . 2008-01-31 20:43 269,334 --a------ C:\WINDOWS\SYSTEM32\pojit.bmp
2008-01-31 20:15 . 2008-01-31 20:15 269,334 --a------ C:\WINDOWS\SYSTEM32\adcrmpcfmhcrep.bmp
2008-01-31 15:31 . 2008-01-31 15:31 269,334 --a------ C:\WINDOWS\SYSTEM32\tkbqlsretkfep.bmp
2008-01-31 14:26 . 2008-01-31 14:26 269,334 --a------ C:\WINDOWS\SYSTEM32\mlsjmhsnmpcr.bmp
2008-01-31 11:11 . 2008-01-31 11:11 269,334 --a------ C:\WINDOWS\SYSTEM32\sfilkbetsf.bmp
2008-01-31 08:33 . 2008-01-31 08:33 269,334 --a------ C:\WINDOWS\SYSTEM32\knilsrqh.bmp
2008-01-30 11:50 . 2008-01-30 11:50 269,334 --a------ C:\WINDOWS\SYSTEM32\cfqpsnqtgj.bmp
2008-01-30 00:05 . 2008-01-30 00:05 269,334 --a------ C:\WINDOWS\SYSTEM32\gjipgnetkn.bmp
2008-01-29 18:46 . 2008-01-29 18:46 33,106 --a------ C:\Documents and Settings\emil\Application Data\61151.exe
2008-01-29 18:44 . 2008-01-29 18:44 269,334 --a------ C:\WINDOWS\SYSTEM32\tsratcrilsbih.bmp
2008-01-29 11:51 . 2008-01-29 11:51 269,334 --a------ C:\WINDOWS\SYSTEM32\tgnehsbapofmh.bmp
2008-01-28 10:22 . 2008-01-28 10:22 269,334 --a------ C:\WINDOWS\SYSTEM32\bmlonilcrqdkb.bmp
2008-01-27 19:34 . 2008-01-27 19:34 269,334 --a------ C:\WINDOWS\SYSTEM32\srqpofatgfmh.bmp
2008-01-26 21:03 . 2008-01-26 21:03 269,334 --a------ C:\WINDOWS\SYSTEM32\ahkbatsbat.bmp
2008-01-25 22:41 . 2008-01-25 22:41 269,334 --a------ C:\WINDOWS\SYSTEM32\hgjipkrih.bmp
2008-01-25 21:22 . 2008-01-25 21:22 269,334 --a------ C:\WINDOWS\SYSTEM32\ipkjmpkrqdsnml.bmp
2008-01-25 20:53 . 2008-01-25 20:53 269,334 --a------ C:\WINDOWS\SYSTEM32\gjepsr.bmp
2008-01-25 20:24 . 2008-01-25 20:24 269,334 --a------ C:\WINDOWS\SYSTEM32\tgfqlsretof.bmp
2008-01-25 20:23 . 2008-01-25 20:23 269,334 --a------ C:\WINDOWS\SYSTEM32\hgnmh.bmp
2008-01-25 20:18 . 2008-01-25 20:18 269,334 --a------ C:\WINDOWS\SYSTEM32\pgnqd.bmp
2008-01-25 20:17 . 2008-01-25 20:17 269,334 --a------ C:\WINDOWS\SYSTEM32\dknatcn.bmp
2008-01-25 20:12 . 2008-01-25 20:12 269,334 --a------ C:\WINDOWS\SYSTEM32\sbidorqtgrqlob.bmp
2008-01-25 20:09 . 2008-01-25 20:09 269,334 --a------ C:\WINDOWS\SYSTEM32\lonmpsrah.bmp
2008-01-25 19:08 . 2008-01-25 19:08 269,334 --a------ C:\WINDOWS\SYSTEM32\nilcretofqh.bmp
2008-01-25 19:07 . 2008-01-25 19:07 269,334 --a------ C:\WINDOWS\SYSTEM32\grilkjit.bmp
2008-01-25 18:46 . 2008-01-25 18:46 269,334 --a------ C:\WINDOWS\SYSTEM32\ralkf.bmp
2008-01-23 00:25 . 2008-01-23 00:25 269,334 --a------ C:\WINDOWS\SYSTEM32\dkbetonilcned.bmp
2008-01-22 17:28 . 2008-01-22 17:28 269,334 --a------ C:\WINDOWS\SYSTEM32\bqlkn.bmp
2008-01-22 11:57 . 2008-01-22 11:57 269,334 --a------ C:\WINDOWS\SYSTEM32\bilsfqpofip.bmp
2008-01-21 20:51 . 2008-01-21 20:51 269,334 --a------ C:\WINDOWS\SYSTEM32\cjilsbahsjed.bmp
2008-01-21 18:20 . 2008-01-21 18:20 269,334 --a------ C:\WINDOWS\SYSTEM32\pgbqpgbit.bmp
2008-01-21 13:05 . 2008-01-21 13:05 269,334 --a------ C:\WINDOWS\SYSTEM32\crapor.bmp
2008-01-20 21:30 . 2008-01-20 21:30 269,334 --a------ C:\WINDOWS\SYSTEM32\hkfetsfqtcjah.bmp
2008-01-20 10:21 . 2008-01-20 10:21 269,334 --a------ C:\WINDOWS\SYSTEM32\aporqpcfqpgbid.bmp
2008-01-20 00:52 . 2008-01-20 00:52 269,334 --a------ C:\WINDOWS\SYSTEM32\jetobmpsbmpsb.bmp
2008-01-20 00:49 . 2008-01-20 00:49 269,334 --a------ C:\WINDOWS\SYSTEM32\natgj.bmp
2008-01-19 20:55 . 2008-01-19 20:55 269,334 --a------ C:\WINDOWS\SYSTEM32\hobetkrehcbal.bmp
2008-01-19 19:08 . 2008-01-19 19:08 269,334 --a------ C:\WINDOWS\SYSTEM32\ipsnqlonipkf.bmp
2008-01-19 11:46 . 2008-01-19 11:46 269,334 --a------ C:\WINDOWS\SYSTEM32\kfepkjedof.bmp
2008-01-18 19:53 . 2008-01-18 19:53 269,334 --a------ C:\WINDOWS\SYSTEM32\ofqdgjipoj.bmp
2008-01-18 17:03 . 2008-01-18 17:03 269,334 --a------ C:\WINDOWS\SYSTEM32\knilsjetknqh.bmp
2008-01-17 23:57 . 2008-01-17 23:57 269,334 --a------ C:\WINDOWS\SYSTEM32\dcfmh.bmp
2008-01-17 23:29 . 2008-01-17 23:29 269,334 --a------ C:\WINDOWS\SYSTEM32\dsfalgbepob.bmp
2008-01-17 20:35 . 2008-01-17 20:35 269,334 --a------ C:\WINDOWS\SYSTEM32\dgbehgr.bmp
2008-01-16 17:43 . 2008-01-16 17:43 269,334 --a------ C:\WINDOWS\SYSTEM32\hkjqpoj.bmp
2008-01-16 16:47 . 2008-01-16 16:47 <DIR> d-------- C:\Documents and Settings\emil\Application Data\Anti-Virus-Pro.com
2008-01-16 16:46 . 2008-01-16 16:46 269,334 --a------ C:\WINDOWS\SYSTEM32\tknahcb.bmp
2008-01-15 10:42 . 2008-01-15 10:42 13,824 --a------ C:\WINDOWS\wduB.exe
2008-01-15 10:42 . 2008-01-15 10:42 13,824 --a------ C:\WINDOWS\wdmA.exe
2008-01-12 21:11 . 2008-01-12 21:11 <DIR> d-------- C:\Documents and Settings\emil\Application Data\InfeStop.com
2008-01-12 21:10 . 2008-01-13 13:13 <DIR> d-------- C:\Program Files\InfeStop
2008-01-12 17:30 . 2005-05-13 21:23 150,576 --a------ C:\Documents and Settings\emil\Application Data\spyguard.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 04:37 --------- d-----w C:\Program Files\Google
2008-01-26 03:55 --------- d-----w C:\Program Files\eMule
2008-01-26 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MP3 FILM ELSE PURE
2008-01-26 02:48 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-01-26 00:03 --------- d-----w C:\Program Files\Real
2008-01-13 18:16 --------- d-----w C:\Program Files\DivX
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202187441.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-30 19:42 68856]
"Windows Defender Monitor"="C:\WINDOWS\wdm7.exe" [ ]
"Windows Defender Updater"="C:\WINDOWS\wdu8.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender Monitor"="C:\WINDOWS\wdm3.exe" [ ]
"Windows Defender Updater"="C:\WINDOWS\wdu4.exe" [ ]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"AntiVirusPro"="C:\Program Files\AntiVirusPro\AntiVirusPro.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-05 23:57 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-05 23:57 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^kamilla^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\kamilla\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\56fe227b.exe]
C:\WINDOWS\system32\56fe227b.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bat Global]
C:\DOCUME~1\emil\APPLIC~1\USERFA~1\bore move admin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bikini]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone]
C:\Program Files\BufferZone\CLIENTGUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMLoader]
c:\program files\crystalys media\cm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-13 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 19:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\links]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
C:\Program Files\Canon\MultiPASS\MPTBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP_STATUS_MONITOR]
C:\Program Files\Canon\MultiPASS\monitr32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MW1HelperStartUp]
C:\PROGRA~1\MAGICW~1\MW1HEL~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestTrap]
C:\Program Files\PestTrap\PestTrap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-22 10:52 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rock]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sectdatathunkextra]
C:\Documents and Settings\All Users\Application Data\exitmpegsectdata\TYPE BOLT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-30 19:42 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-14 18:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
C:\Program Files\Ultimate Cleaner\App.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Defender]
C:\Program Files\Ultimate Defender\App.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
C:\winstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
C:\DOCUME~1\kamilla\LOCALS~1\Temp\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MPService"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 22:15:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-06 00:24:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender Monitor = C:\WINDOWS\wdm7.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Windows Defender Updater = C:\WINDOWS\wdu8.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-06 0:30:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 05:29:52