Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.

Started by rejaul2008 , May 19 2008 07:46 AM

  • This topic is locked This topic is locked

#1
rejaul2008
Posted 19 May 2008 - 07:46 AM

rejaul2008

    New Member

  • Member
  • Pip
  • 3 posts
DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.exe INFECTION VIRUS will not LEAVE!, they keep on coming and going from my computer.....

and im using a paint software called PAINT.NET and i keep getting a message and it wont open up nemore since iv started getting them viruses, the message says... the application failed to intialize properly (0xc000007b) Click on Ok to terminate the application.

can you please help me remove these files and help with my programs some of them dont hardly work.

iv provided a log file using OTSCAN and HIJACK THIS to help you with this matter.

Thanks

OT SCAN SCRIPT....

[code=auto:0]OTScanIt logfile created on: 19/05/2008 14:43:54
OTScanIt by OldTimer - Version 1.0.14.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.98 Mb Total Physical Memory | 288.39 Mb Available Physical Memory | 56.44% Memory free
1.22 Gb Paging File | 1.04 Gb Available in Paging File | 85.18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 67.38 Gb Free Space | 88.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 18.64 Gb Total Space | 0.15 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-E43AF56720
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
smss.exe -> %SystemRoot%\system32\smss -> File not found
csrss.exe -> %SystemRoot%\system32\csrss -> File not found
winlogon.exe -> %SystemRoot%\system32\winlogon -> File not found
services.exe -> %SystemRoot%\system32\services -> File not found
lsass.exe -> %SystemRoot%\system32\lsass -> File not found
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> File not found
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 295424 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 295424 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> File not found
-> %SystemRoot%\system32\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> File not found
-> %SystemRoot%\system32\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 167936 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0845) | Size = 42496 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 77824 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 62464 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 62464 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 126976 bytes | Modified Date = 14/04/2008 05:41:52 | Attr = ]
-> %SystemRoot%\system32\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 23040 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.701 | Size = 246272 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 38400 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\system32\kmsvc.dll [hkmsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 61440 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\srvsvc.dll [LanmanServer] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 96768 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132096 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 33792 bytes | Modified Date = 14/04/2008 05:42:00 | Attr = ]
-> %SystemRoot%\system32\qagentrt.dll [napagent] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 291328 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 198144 bytes | Modified Date = 14/04/2008 05:42:02 | Attr = ]
-> %SystemRoot%\system32\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 245248 bytes | Modified Date = 14/04/2008 05:42:02 | Attr = ]
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.5512 | Size = 435200 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 88576 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 186368 bytes | Modified Date = 14/04/2008 05:42:04 | Attr = ]
-> %SystemRoot%\system32\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 53248 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 192512 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 18944 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 39424 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 05:41:56 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 171008 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 249856 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 135168 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 90112 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 175104 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 144896 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 18/10/2006 21:47:16 | Attr = ]
-> %SystemRoot%\system32\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 617472 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 80896 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
-> %SystemRoot%\system32\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 483840 bytes | Modified Date = 14/04/2008 05:51:44 | Attr = ]
-> %SystemRoot%\system32\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 129024 bytes | Modified Date = 14/04/2008 05:42:12 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> File not found
-> %SystemRoot%\system32\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 45568 bytes | Modified Date = 14/04/2008 05:41:54 | Attr = ]
svchost.exe -> %SystemRoot%\system32\svchost [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> File not found
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 17408 bytes | Modified Date = 14/04/2008 05:41:50 | Attr = ]
-> %SystemRoot%\system32\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 13824 bytes | Modified Date = 14/04/2008 05:41:58 | Attr = ]
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 05:42:06 | Attr = ]
-> %SystemRoot%\system32\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 71680 bytes | Modified Date = 14/04/2008 05:42:08 | Attr = ]
-> %SystemRoot%\system32\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 185856 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
-> %SystemRoot%\system32\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 68096 bytes | Modified Date = 14/04/2008 05:42:10 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
explorer.exe -> %SystemRoot%\explorer -> File not found
spoolsv.exe -> %SystemRoot%\system32\spoolsv -> File not found
alg.exe -> %SystemRoot%\system32\alg -> File not found
ctfmon.exe -> %SystemRoot%\system32\ctfmon -> File not found
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent -> File not found
wuauclt.exe -> %SystemRoot%\system32\wuauclt -> File not found
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse -> File not found
dil3.tmp -> %SystemRoot%\Temp\DIL3.tmp -> [Ver = | Size = 25088 bytes | Modified Date = 19/05/2008 14:42:21 | Attr = ]
17pholmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe -> File not found
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox -> File not found
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt -> File not found

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc -> File not found
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\alg -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv -> File not found
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw -> File not found
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Dot3svc) Wired AutoConfig [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(EapHost) Extensible Authentication Protocol Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi -> File not found
(LanmanServer) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc -> [Folder | Modified Date = 19/05/2008 10:48:57 | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec -> File not found
(napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV -> File not found
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\scardsvr -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ups -> File not found
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\vssvc -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> File not found
runner1 -> %SystemRoot%\mrofinu1001186 [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon [C:\WINDOWS\system32\ctfmon.exe] -> File not found
uTorrent -> %ProgramFiles%\uTorrent\uTorrent ["C:\Program Files\uTorrent\uTorrent.exe"] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader -> File not found
-> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-ROM_DVD-116_________________1.09____\5&12c74655&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomASUS_CRW-5232AS_________________________1.03____\5&12c74655&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC [ NTFS ] -> File not found
< HOSTS File > (239221 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4427 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6601 domain(s) found. ->
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %SystemRoot%\Network Diagnostic\xpnetdiag [@xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{64C68A6C-A73B-48B6-9637-826A98C48F16} -> (Intel 21143-Based PCI Fast Ethernet Adapter (Generic)) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> ->



[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 19/05/2008 10:58:08 | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 19/05/2008 10:59:19 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Created Date = 19/05/2008 11:10:10 | Attr = HS]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 19/05/2008 10:54:28 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 19/05/2008 11:42:32 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 19/05/2008 11:00:57 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 19/05/2008 11:19:03 | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 19/05/2008 10:59:18 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 19/05/2008 10:52:37 | Attr = ]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 19/05/2008 11:02:22 | Attr = ]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 19/05/2008 11:02:22 | Attr = ]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 19/05/2008 11:02:32 | Attr = ]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 19/05/2008 11:02:35 | Attr = ]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 19/05/2008 11:02:23 | Attr = ]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 19/05/2008 11:02:23 | Attr = ]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:51 | Attr = ]
c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:52 | Attr = ]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:52 | Attr = ]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:54 | Attr = ]
c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:48 | Attr = ]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:24 | Attr = ]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:25 | Attr = ]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 19/05/2008 11:02:26 | Attr = ]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:00:43 | Attr = ]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:27 | Attr = ]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:28 | Attr = ]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 19/05/2008 11:02:29 | Attr = ]
c_20936.nls -> %SystemRoot%\System3

Edited by rejaul2008, 19 May 2008 - 08:06 AM.

  • 0

Advertisements

#2
rejaul2008
Posted 19 May 2008 - 07:54 AM

rejaul2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
DIL.tmp files, VRR1.tmp files, mrofinu100186.exe AND 17PHolmes1001186.exe INFECTION VIRUS will not LEAVE!, they keep on coming and going from my computer.....

and im using a paint software called PAINT.NET and i keep getting a message and it wont open up nemore since iv started getting them viruses, the message says... the application failed to intialize properly (0xc000007b) Click on Ok to terminate the application.

can you please help me remove these files and help with my programs some of them dont hardly work.

iv provided a log file using HIJACK THIS to help you with this matter.

Thanks

HERES A LATEST HIJACK THIS LOG FILE CAN YOU SEE IF THERES ANY OTHER VIRUS TRYING TO INFECT MY MACHINE THANKS.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:25, on 19/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\DIL5.tmp
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 3584 bytes

Edited by rejaul2008, 19 May 2008 - 08:07 AM.

  • 0

#3
rejaul2008
Posted 19 May 2008 - 08:33 AM

rejaul2008

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
CAN YOU PLEASE HELP ME WITH THIS?
  • 0

#4
Rorschach112
Posted 19 May 2008 - 09:19 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't waste our time by posting at multiple forums

http://forums.whatth...186_t91984.html

It also helps if you don't bump your own topic
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP