mrofinu100186 and DIL.tmp will not LEAVE!


This topic is locked

#31 INNEEDOFHELPPLEASE (Member, Topic Starter, 45 posts)

ComboFix 08-04-04.1 - Owner 2008-04-06 17:03:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 16:11 . 2008-04-06 16:11 <DIR> d-------- C:\Program Files\nvcoi
2008-04-06 13:58 . 2008-04-06 13:58 <DIR> d-------- C:\Deckard
2008-04-06 11:55 . 2008-04-06 11:55 <DIR> d-------- C:\_OTMoveIt
2008-04-06 11:06 . 2008-04-06 11:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-06 11:05 . 2008-04-06 11:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-06 11:05 . 2008-04-06 11:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 10:57 . 2008-04-06 10:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 18:12 . 2008-03-30 18:12 <DIR> d-------- C:\Program Files\Audacity
2008-03-29 07:09 . 2008-03-29 07:09 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-29 07:09 . 2008-03-29 07:09 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-28 22:14 . 2008-03-28 22:14 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-28 22:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-26 12:02 . 2008-03-26 12:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 12:02 . 2008-03-26 12:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-22 11:47 . 2008-03-26 12:23 <DIR> d-------- C:\wally
2008-03-22 10:58 . 2008-03-22 10:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-22 10:31 . 2008-03-22 10:31 52,010 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-21 16:29 . 2008-03-21 16:29 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-21 11:25 . 2008-03-25 09:08 0 --a------ C:\WINDOWS\system32\NvApps.xml
2008-03-21 11:05 . 2008-03-21 11:05 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-03-21 11:05 . 2008-03-21 11:05 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-21 10:50 . 2008-03-21 10:50 <DIR> d-------- C:\WINDOWS\nview
2008-03-21 10:50 . 2008-03-21 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-21 10:38 . 2008-03-21 10:38 <DIR> d-------- C:\NVIDIA
2008-03-20 19:36 . 2007-12-20 22:35 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-20 19:36 . 2007-12-20 22:35 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-03-20 19:36 . 2007-12-20 22:35 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-03-20 19:36 . 2007-11-27 15:34 160,289 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-20 19:36 . 2007-11-20 04:23 11,874 -ra------ C:\WINDOWS\atiogl.xml
2008-03-20 19:36 . 2007-08-31 10:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-03-20 19:36 . 2008-03-20 19:36 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-20 18:27 . 2008-03-20 18:27 <DIR> d-------- C:\ATI
2008-03-20 16:17 . 2008-03-07 10:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-20 16:11 . 2008-03-21 10:50 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-10 18:44 . 2008-03-21 11:04 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-07 11:04 . 2008-03-07 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-07 10:57 . 2008-03-21 10:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies(2)
2008-03-07 10:13 . 2008-03-07 10:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 20:59 --------- d-----w C:\Program Files\Steam
2008-04-06 20:16 --------- d-----w C:\Program Files\QuickTime
2008-04-06 20:15 --------- d-----w C:\Program Files\GoldWave
2008-04-05 19:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:19 --------- d-----w C:\Program Files\Bonjour
2008-04-05 13:28 --------- d-----w C:\Program Files\Trend Micro
2008-04-05 13:03 --------- d-----w C:\Program Files\Unlocker
2008-04-04 21:46 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 02:30 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-03-29 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 15:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 14:35 --------- d-----w C:\Program Files\CCleaner
2008-03-21 20:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-03-21 15:05 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-21 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 14:58 --------- d-----w C:\Program Files\Wizet 2
2008-03-21 14:38 --------- d-----w C:\Program Files\Driver Cleaner Pro
2008-03-14 23:56 3,254 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag(3).dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag(2).dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx(3).dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx(2).dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx(3).dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx(2).dll
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx(4).dll
2008-02-26 03:00 598,016 ----a-w C:\WINDOWS\system32\ati2evxx(3).exe
2008-02-26 03:00 532,480 ----a-w C:\WINDOWS\system32\ati2evxx(2).exe
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag(3).dll
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag(2).dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx(3).dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx(2).dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag(3).dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag(2).dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2(3).dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2(2).dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag(3).dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag(2).dll
2008-02-23 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 19:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\ChemTable Software
2008-02-23 18:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\PC Tools
2008-02-23 18:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-17 21:30 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-09 23:03 --------- d-----w C:\Program Files\OGPlanet
2007-11-10 13:00 80 --sh--r C:\WINDOWS\system32\845E730390.dll
.

------- Sigcheck -------

2007-06-13 06:23 1043968 5c251c5f757570c860def33f582c946e C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 15:00 1042944 e13874a27c095960b3ddfd6466423c2e C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 1043968 281b8881e2d2dff277ef1ca7c748544c C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-06_16.08.12.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-06 19:10:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-06 20:59:41 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-06 19:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-06 20:59:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-06 20:12:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040620080407\index.dat
+ 2008-04-06 20:12:08 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-04-06 19:10:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-06 20:59:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-06 19:10:52 40,448 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\unpr[1].exe
+ 2008-04-06 21:00:10 40,448 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\unpr[1].exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 07:00 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 58880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2006-12-06 23:30 237568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-04-06 16:11 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 15:00 64512 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.FPS1"= frapsvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 212992 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoInclude]
C:\WINDOWS\TEMP\DIL12.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0.exe]
--a------ 2007-04-15 11:07 651264 C:\aidualc3\c0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-12-08 21:57 563200 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 15:00 58880 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 75264 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 21:07 138240 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 20:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 12:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 12:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1638400 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2004-02-17 18:51 962625 C:\Program Files\Trend Micro\Antivirus\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCClient.exe]
--a------ 2004-02-17 18:51 680005 C:\Program Files\Trend Micro\Antivirus\PCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 11:54 294912 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 09:09 151552 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 13:36 14866944 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1001186.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2006-11-17 17:14 4850176 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-18 09:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TM Outbreak Agent]
--a------ 2004-02-17 18:50 303104 C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 26624 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"NVSvc"=2 (0x2)
"PrismXL"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 09:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283b87f1-92d3-11da-9815-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7fa335-3a79-11d7-93b8-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 17:05:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 17:06:01
ComboFix-quarantined-files.txt 2008-04-06 21:05:52
ComboFix2.txt 2008-04-06 20:08:36
Pre-Run: 64,319,885,312 bytes free
Post-Run: 64,295,256,064 bytes free
.
2008-03-29 10:49:29 --- E O F ---


#32 harrythook (Trusted Helper, Retired Staff, 2,618 posts)

Good morning,
Let's try to get rid of a couple of items:

Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Save it to your desktop as fixit.reg (filetype = any).

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoInclude]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

Run a fresh HJT log please.

Harry

#33 INNEEDOFHELPPLEASE (Member, Topic Starter, 45 posts)

I'm not sure if I have this fixit.reg :/

#34 harrythook (Trusted Helper, Retired Staff, 2,618 posts)

I am sorry again; part of the instructions got cut out. Do it like this:

Next, let's remove the unwanted items.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it to your desktop (click File, Save As) as fixit.reg. In the same open Notepad, at the bottom, select: (filetype = any).

Continue on with the fix.

Harry

#35 INNEEDOFHELPPLEASE (Member, Topic Starter, 45 posts)

OK, I merged it, but I didn't reboot when doing this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:08 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\steam\steamapps\perfect_shot01\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Documents and Settings\Owner\Desktop\HLSS 3.00.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL16.tmp
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C28323133A9D26033AAC
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload....Plugin11USA.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bol...geUploader3.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload....Plugin10USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5934 bytes

#36 INNEEDOFHELPPLEASE (Member, Topic Starter, 45 posts)

Also, are you at work or something? You haven't been in IRC in a while :)

#37 harrythook (Trusted Helper, Retired Staff, 2,618 posts)

Also, are you at work or something? You haven't been in IRC in a while :)

Yep, gotta pay the bills.

Reboot the machine please, give me a fresh HJT and run OTScanIt if you would.
I'll see you in IRC, but I do have a heavy work schedule for the next 5 days.

Harry

#38 INNEEDOFHELPPLEASE (Member, Topic Starter, 45 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:41 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\mrofinu1001186.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL16.tmp
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload....Plugin11USA.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bol...geUploader3.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload....Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5784 bytes

#39
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
OK, we still have some stuff reloading; I really could have used that OTScanIt report.

I need to see the results from Panda:
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

I am in the process of researching this, hang in there.

Harry
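The two Run values that keep coming back in this thread are visible in the OTScanIt log posted next: `AutoInclude` launches a `.tmp` file out of C:\WINDOWS\TEMP, and `runner1` launches an executable with no publisher in its version info from the Windows root, passing a long hexadecimal blob as its argument. The script below is an added example for readers, not code from this thread, from OTScanIt or from HijackThis. It parses OTScanIt's Run-key line format (the sample input is copied from the log in this thread, not read from a live registry), scores each entry with a handful of heuristics whose weights are my own choice rather than any vendor's scale, and groups file names that share a long digit run, which is the trick that ties `mrofinu1001186.exe` to `17PHolmes1001186.exe` further down in the same log.

```python
"""Triage Run-key autostart entries from an OTScanIt log for persistence red flags."""
import os
import re
from dataclasses import dataclass, field

# Constructed sample: the Run-key lines copied from the OTScanIt log posted in this thread
# (OTScanIt's "[Registry - Non-Microsoft Only]" section). Not pulled from a live registry.
SAMPLE_RUN_LINES = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AutoInclude -> %SystemRoot%\TEMP\DIL16.tmp [C:\WINDOWS\TEMP\DIL16.tmp] ->  [Ver =  | Size = 4096 bytes | Modified Date = 4/6/2008 5:06:36 PM | Attr = ]
DeathAdder -> %ProgramFiles%\Razer\DeathAdder\razerhid.exe ["C:\Program Files\Razer\DeathAdder\razerhid.exe"] ->  [Ver = 1, 0, 0, 1 | Size = 237568 bytes | Modified Date = 12/6/2006 11:30:42 PM | Attr = ]
runner1 -> %SystemRoot%\mrofinu1001186.exe [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310] ->  [Ver = 1, 0, 0, 1 | Size = 51712 bytes | Modified Date = 4/9/2008 3:09:31 AM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Steam -> %ProgramFiles%\Steam\steam.exe ["c:\program files\steam\steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 7:00:29 AM | Attr = ]
"""

# "< Run [HIVE\] > -> ..." opens a hive section; every following line is one Run value.
SECTION_RE = re.compile(r"^< Run \[(?P<hive>[^\]]+)\] >")
ENTRY_RE = re.compile(
    r"^(?P<name>[^<].*?) -> (?P<path>.*?) \[(?P<cmd>.*?)\] -> (?P<vendor>.*?)\s*"
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes"
)

EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")   # 32+ hex chars in one token
DIGIT_RUN_RE = re.compile(r"\d{5,}")                 # 5+ consecutive digits
WINDOWS_ROOT = ("%systemroot%\\", "c:\\windows\\")   # as OTScanIt normalises paths


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str        # image path as OTScanIt reports it (%SystemRoot%, %ProgramFiles%)
    command: str     # raw registry value data, including any arguments
    vendor: str      # company name from the file's version resource; empty if none
    version: str
    size: int
    reasons: list = field(default_factory=list)
    score: int = 0


def parse_run_section(text: str) -> list[RunEntry]:
    """Turn OTScanIt Run-key lines into RunEntry objects, tracking the current hive."""
    entries, hive = [], "?"
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            hive = sec.group("hive").rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(RunEntry(hive, m["name"], m["path"], m["cmd"],
                                    m["vendor"].strip(), m["ver"].strip(), int(m["size"])))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Attach weighted reasons to an entry. The weights are this example's own heuristics."""
    path = entry.path.lower()
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    ext = os.path.splitext(base)[1]
    entry.reasons, entry.score = [], 0

    def flag(weight: int, why: str) -> None:
        entry.reasons.append(f"+{weight} {why}")
        entry.score += weight

    if ext not in EXEC_EXTS:
        flag(3, f"'{ext or '(none)'}' is not an executable extension, yet it runs at logon")
    if "\\temp\\" in path:
        flag(2, "image lives under a TEMP directory")
    if any(path.startswith(r) and "\\" not in path[len(r):] for r in WINDOWS_ROOT):
        flag(2, "image sits directly in the Windows directory, not System32 or Program Files")
    if not entry.vendor:
        flag(1, "no company name in the version resource")
    if HEX_BLOB_RE.search(entry.command):
        flag(2, "long hexadecimal blob passed as a command-line argument")
    if DIGIT_RUN_RE.search(base):
        flag(1, "long digit run in the file name")
    return entry


def suspicious_entries(text: str, threshold: int = 3) -> list[RunEntry]:
    """Parse, score and return entries at or above the threshold, highest score first."""
    scored = [assess(e) for e in parse_run_section(text)]
    return sorted((e for e in scored if e.score >= threshold), key=lambda e: -e.score)


def shared_digit_tags(filenames: list[str]) -> dict[str, list[str]]:
    """Group file names by any 5+ digit run they share, as the two '1001186' files here do."""
    groups: dict[str, list[str]] = {}
    for fn in filenames:
        for tag in set(DIGIT_RUN_RE.findall(fn)):
            groups.setdefault(tag, []).append(fn)
    return {tag: sorted(names) for tag, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_RUN_LINES):
        print(f"[{e.score}] {e.hive}\\...\\Run\\{e.name} -> {e.command}")
        for reason in e.reasons:
            print("     ", reason)
    print(shared_digit_tags(["mrofinu1001186.exe", "17PHolmes1001186.exe", "DIL16.tmp"]))
```

Run as-is it flags only `AutoInclude` and `runner1`; the Razer and Steam entries stay under the threshold even though the Razer file also lacks a company name, which is why a single heuristic on its own is a poor trigger. The shared-tag grouping is deliberately separate from scoring: it is a lead for deciding which files to submit or delete together, not evidence by itself.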

#40
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
Sorry, I thought I posted the OTScanIt log also, but I guess I forgot. Here's the OTScanIt log, and I'm running Panda; guess what, 14% = 2500 viruses LOL.

OTScanIt logfile created on: 4/10/2008 7:21:43 AM
OTScanIt by OldTimer - Version 1.0.9.0	 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
895.36 Mb Total Physical Memory | 296.84 Mb Available Physical Memory | 33.15% Memory free
2.11 Gb Paging File | 1.49 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.23 Gb Total Space | 59.43 Gb Free Space | 32.61% Space Free | Partition Type: NTFS
Drive D: | 4.06 Gb Total Space | 2.38 Gb Free Space | 58.67% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-3148D5A58A
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/19/2008 5:08:58 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 241664 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
tmntsrv.exe -> %ProgramFiles%\Trend Micro\Antivirus\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 11.25.0.2004 | Size = 286793 bytes | Modified Date = 2/17/2004 6:57:36 PM | Attr =	]
tmproxy.exe -> %ProgramFiles%\Trend Micro\Antivirus\tmproxy.exe -> Trend Micro Incorporated. [Ver = 11.25.0.2004 | Size = 282697 bytes | Modified Date = 2/17/2004 6:58:48 PM | Attr =	]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2132 | Size = 3473920 bytes | Modified Date = 11/17/2006 5:14:00 PM | Attr =	]
razerhid.exe -> %ProgramFiles%\Razer\DeathAdder\razerhid.exe ->  [Ver = 1, 0, 0, 1 | Size = 237568 bytes | Modified Date = 12/6/2006 11:30:42 PM | Attr =	]
razertra.exe -> %ProgramFiles%\Razer\DeathAdder\razertra.exe ->  [Ver = 1, 0, 0, 1 | Size = 221184 bytes | Modified Date = 11/24/2006 5:24:16 PM | Attr =	]
razerofa.exe -> %ProgramFiles%\Razer\DeathAdder\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 176128 bytes | Modified Date = 11/22/2006 2:42:44 PM | Attr =	]
steam.exe -> %ProgramFiles%\Steam\steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 7:00:29 AM | Attr =	]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 3/27/2008 7:19:29 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 3/19/2008 5:08:58 PM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 241664 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 235520 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 731136 bytes | Modified Date = 3/22/2008 10:58:21 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] ->  -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8133 | Size = 176195 bytes | Modified Date = 9/18/2005 12:32:00 PM | Attr =	]
(PrismXL) PrismXL [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 1/31/2006 11:40:30 PM | Attr =	]
(Tmntsrv) Trend NT Realtime Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Antivirus\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 11.25.0.2004 | Size = 286793 bytes | Modified Date = 2/17/2004 6:57:36 PM | Attr =	]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Antivirus\tmproxy.exe -> Trend Micro Incorporated. [Ver = 11.25.0.2004 | Size = 282697 bytes | Modified Date = 2/17/2004 6:58:48 PM | Attr =	]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2132 | Size = 3473920 bytes | Modified Date = 11/17/2006 5:14:00 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AutoInclude -> %SystemRoot%\TEMP\DIL16.tmp [C:\WINDOWS\TEMP\DIL16.tmp] ->  [Ver =  | Size = 4096 bytes | Modified Date = 4/6/2008 5:06:36 PM | Attr =	]
DeathAdder -> %ProgramFiles%\Razer\DeathAdder\razerhid.exe ["C:\Program Files\Razer\DeathAdder\razerhid.exe"] ->  [Ver = 1, 0, 0, 1 | Size = 237568 bytes | Modified Date = 12/6/2006 11:30:42 PM | Attr =	]
runner1 -> %SystemRoot%\mrofinu1001186.exe [C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310] ->  [Ver = 1, 0, 0, 1 | Size = 51712 bytes | Modified Date = 4/9/2008 3:09:31 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Steam -> %ProgramFiles%\Steam\steam.exe ["c:\program files\steam\steam.exe" -silent] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/28/2008 7:00:29 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,2,3,2132 | Size = 209408 bytes | Modified Date = 11/17/2006 5:14:14 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (533 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T6532 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 5:56:50 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\bae.dll [CBrowserHelperObject Object] -> Gateway Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/1/2006 7:54:30 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1C0F6DB9-A396-49D2-AEA8-BB42F4BB059F} ->	(NVIDIA nForce Networking Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2/1/2008 5:22:12 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{5F5F9FB8-878E-4455-95E0-F64B2314288A}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://filelodge.bolt.com/ImageUploader3.cab[Aurigma Image Uploader 3.5 Control] -> 
{A2E05F45-F127-4092-B9F7-9A02C3E04C77}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab[Java Plug-in 1.5.0_07] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[Reg Error: Key does not exist or could not be opened.] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter.exe\\.Owner -> {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter.exe\\{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\.Owner -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 



[Files/Folders - Created Within 30 days]
ATI -> %SystemDrive%\ATI ->  [Folder | Created Date = 3/20/2008 6:27:56 PM | Attr =	]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 208 bytes | Created Date = 4/6/2008 4:54:20 PM | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 4/6/2008 4:54:09 PM | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 4/6/2008 4:54:16 PM | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 4/6/2008 5:02:44 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 4/6/2008 1:58:55 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938921984 bytes | Created Date = 4/6/2008 11:03:28 AM | Attr =  HS]
NVIDIA -> %SystemDrive%\NVIDIA ->  [Folder | Created Date = 3/21/2008 10:38:32 AM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 4/6/2008 4:01:51 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 4/6/2008 5:27:32 PM | Attr =  HS]
wally -> %SystemDrive%\wally ->  [Folder | Created Date = 3/22/2008 11:47:19 AM | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 4/6/2008 11:55:43 AM | Attr =	]
atifglpf.xml -> %SystemRoot%\System32\atifglpf.xml ->  [Ver =  | Size = 7167 bytes | Created Date = 3/20/2008 7:36:13 PM | Attr = R  ]
atiicdxx.dat -> %SystemRoot%\System32\atiicdxx.dat ->  [Ver =  | Size = 160289 bytes | Created Date = 3/20/2008 7:36:09 PM | Attr = R  ]
ativva5x.dat -> %SystemRoot%\System32\ativva5x.dat ->  [Ver =  | Size = 3107788 bytes | Created Date = 3/20/2008 7:36:10 PM | Attr = R  ]
ativva6x.dat -> %SystemRoot%\System32\ativva6x.dat ->  [Ver =  | Size = 887724 bytes | Created Date = 3/20/2008 7:36:11 PM | Attr = R  ]
ativvaxx.dat -> %SystemRoot%\System32\ativvaxx.dat ->  [Ver =  | Size = 3107788 bytes | Created Date = 3/20/2008 7:36:09 PM | Attr = R  ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Created Date = 3/20/2008 4:17:28 PM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 63462 bytes | Created Date = 3/22/2008 10:31:29 AM | Attr =	]
NvApps.xml -> %SystemRoot%\System32\NvApps.xml ->  [Ver =  | Size = 0 bytes | Created Date = 3/21/2008 11:25:50 AM | Attr =	]
17PHolmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe ->  [Ver = 1, 0, 0, 1 | Size = 38400 bytes | Created Date = 4/9/2008 6:34:42 AM | Attr =	]
atiogl.xml -> %SystemRoot%\atiogl.xml ->  [Ver =  | Size = 11874 bytes | Created Date = 3/20/2008 7:36:14 PM | Attr = R  ]
ativpsrm.bin -> %SystemRoot%\ativpsrm.bin ->  [Ver =  | Size = 0 bytes | Created Date = 3/20/2008 7:36:19 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 4/6/2008 1:59:18 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Created Date = 4/9/2008 3:00:43 AM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 4/10/2008 6:28:33 AM | Attr =	]
mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe ->  [Ver = 1, 0, 0, 1 | Size = 51712 bytes | Created Date = 4/8/2008 4:45:42 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Created Date = 3/21/2008 10:50:59 AM | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 4/6/2008 5:06:03 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/26/2008 12:02:07 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/26/2008 12:02:07 PM | Attr =  H ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 4/6/2008 5:06:03 PM | Attr =	]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 4/6/2008 4:01:50 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
aidualc3 -> %SystemDrive%\aidualc3 ->  [Folder | Modified Date = 3/21/2008 11:05:33 AM | Attr =	]
ATI -> %SystemDrive%\ATI ->  [Folder | Modified Date = 3/20/2008 6:27:56 PM | Attr =	]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 208 bytes | Modified Date = 4/5/2008 9:36:01 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 279 bytes | Modified Date = 4/6/2008 4:54:20 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 4/6/2008 4:54:19 PM | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 4/6/2008 5:06:05 PM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 4/9/2008 3:02:18 AM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 4/6/2008 1:58:55 PM | Attr =	]
Fraps -> %SystemDrive%\Fraps ->  [Folder | Modified Date = 4/5/2008 11:17:01 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938921984 bytes | Modified Date = 4/9/2008 6:33:51 AM | Attr =  HS]
NVIDIA -> %SystemDrive%\NVIDIA ->  [Folder | Modified Date = 3/21/2008 10:38:32 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/10/2008 6:28:23 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 4/6/2008 5:06:02 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 4/6/2008 5:27:32 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 3/28/2008 10:14:24 PM | Attr =	]
wally -> %SystemDrive%\wally ->  [Folder | Modified Date = 3/26/2008 12:23:09 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 4/10/2008 6:28:34 AM | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 4/6/2008 11:55:43 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 3/21/2008 11:14:36 AM | Attr =	]
9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 4/9/2008 6:57:01 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 4/5/2008 11:19:07 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/21/2008 10:58:40 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 4/9/2008 3:01:17 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 4/10/2008 6:30:31 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1608128 bytes | Modified Date = 4/9/2008 3:08:44 AM | Attr =	]
Lang -> %SystemRoot%\System32\Lang ->  [Folder | Modified Date = 3/28/2008 7:59:50 PM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 63462 bytes | Modified Date = 4/9/2008 6:29:44 AM | Attr =	]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 3/29/2008 7:32:31 AM | Attr =	]
NvApps.xml -> %SystemRoot%\System32\NvApps.xml ->  [Ver =  | Size = 0 bytes | Modified Date = 3/25/2008 9:08:53 AM | Attr =	]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 4/9/2008 3:22:30 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 83208 bytes | Modified Date = 3/29/2008 7:33:16 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 451694 bytes | Modified Date = 3/29/2008 7:33:16 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 522568 bytes | Modified Date = 3/29/2008 7:33:16 AM | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 3/21/2008 10:47:56 AM | Attr =	]
RTCOM -> %SystemRoot%\System32\RTCOM ->  [Folder | Modified Date = 3/28/2008 7:57:50 PM | Attr =	]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 3/28/2008 10:05:43 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Modified Date = 3/29/2008 7:38:47 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 4/5/2008 11:18:45 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1170 bytes | Modified Date = 4/9/2008 6:34:25 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 4/9/2008 3:02:03 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
17PHolmes1001186.exe -> %SystemRoot%\17PHolmes1001186.exe ->  [Ver = 1, 0, 0, 1 | Size = 38400 bytes | Modified Date = 4/9/2008 6:34:42 AM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/29/2008 8:44:20 PM | Attr = R S]
ativpsrm.bin -> %SystemRoot%\ativpsrm.bin ->  [Ver =  | Size = 0 bytes | Modified Date = 3/20/2008 7:36:19 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 4/9/2008 6:33:52 AM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 4/9/2008 6:27:47 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 4/6/2008 2:00:15 PM | Attr =   S]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 4/9/2008 3:21:34 AM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 4/6/2008 4:04:50 PM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 3/26/2008 12:16:49 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 4/9/2008 3:21:35 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1355 bytes | Modified Date = 4/9/2008 3:01:18 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 4/9/2008 3:02:06 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/9/2008 3:02:18 AM | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 4/10/2008 6:28:34 AM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/29/2008 8:44:23 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 4/5/2008 10:01:52 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 4112 bytes | Modified Date = 4/10/2008 6:28:24 AM | Attr =	]
mrofinu1001186.exe -> %SystemRoot%\mrofinu1001186.exe ->  [Ver = 1, 0, 0, 1 | Size = 51712 bytes | Modified Date = 4/9/2008 3:09:31 AM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 3/21/2008 10:50:59 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 4/10/2008 6:32:53 AM | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 4/6/2008 5:06:03 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/26/2008 12:02:07 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/26/2008 12:02:07 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 4/5/2008 11:18:45 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 3/29/2008 3:08:56 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 4/6/2008 5:05:29 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/9/2008 3:08:29 AM | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 4/10/2008 6:28:43 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 4/9/2008 3:22:35 AM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 4/5/2008 9:36:01 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 3/29/2008 7:33:08 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 4/9/2008 6:33:57 AM | Attr =  H ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2005 9:20:09 PM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 1/9/2005 9:20:38 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5348 bytes | Modified Date = 4/9/2008 3:02:54 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6606 bytes | Modified Date = 4/9/2008 3:02:54 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8424 bytes | Modified Date = 9/9/2007 1:55:47 PM | Attr =	]
mspi11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI\mspi11.dat ->  [Ver =  | Size = 4 bytes | Modified Date = 10/30/2007 7:41:07 PM | Attr =	]
mspod11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD\mspod11.dat ->  [Ver =  | Size = 4 bytes | Modified Date = 10/30/2007 7:41:07 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/21/2006 8:40:23 PM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 166245 bytes | Modified Date = 6/21/2006 8:40:55 PM | Attr =	]
mpengine.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mpengine.dll -> Microsoft Corporation [Ver = 1.1.3301.0 | Size = 3235408 bytes | Modified Date = 4/9/2008 6:34:24 AM | Attr =	]
11 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 

< End of report >

  • 0



#41
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
The Panda log is too long so I uploaded it to FileFront since it couldn't fit in the upload here either.
http://files.filefro...ntxt/;9985429;/

Also, one more thing: should I click the 'Disinfect' button at the bottom, or do you have something that I need to do first?

Edited by INNEEDOFHELPPLEASE, 10 April 2008 - 01:59 PM.

  • 0

#42
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey INNEEDOFHELPPLEASE,
The Panda scan showed what I thought from the beginning: the type of infection that you have is a file infector, generally known as a Virut infection.
This infection is fatal to your machine; any method of removal at this stage is useless. This is why some of the scans that I had you do show huge numbers of infected files, some of which are critical to the operation of the computer. Removal equals destroying your operating system, so the virus wins this time.

I would caution you not to try to save any of the files on that machine, as you will more than likely infect whatever machine you try to view these files from. The only direction now is to reformat and reload that machine. Do you have the original OS disk that came with the machine?

I will be more than happy to walk you through the method of reformat and reinstall, or have one of our tech experts in that field help you.

Please let me know if I can help, or if you have any other questions.

Harry
  • 0

#43
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
Oh, I see. Yes, I do have the eMachines CD, but how do I back up my files that I need to keep?
  • 0

#44
INNEEDOFHELPPLEASE

    Member

  • Topic Starter
  • Member
  • 45 posts
I mean I really, really, really desperately need to keep a couple of photos; the MP3s I don't really mind, because I'll redownload them some other time. Also, I would like to know how to prevent this from ever happening again.
  • 0

#45
harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
I will work on an idea for the photos; unfortunately, I am traveling for work today.
I will get back to you tonight or in the morning.

Harry
  • 0





